Edit tour

Linux Analysis Report
nshkmpsl.elf

Overview

General Information

Sample name:	nshkmpsl.elf
Analysis ID:	1579196
MD5:	93fd486b11295b3afe342235f19939b2
SHA1:	54b411b7fdce6c81dfb49114d4c6acb0bc0d2b83
SHA256:	2715dd927cb888ecfda97e09465bc205aeed6e58eadcace8efd9ca5b1e62be0f
Tags:	elfuser-abuse_ch
Infos:

Detection

Mirai

Score:	64
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Yara detected Mirai

Connects to many ports of the same IP (likely port scanning)

Sends malformed DNS queries

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Sample listens on a socket

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579196
Start date and time:	2024-12-21 04:01:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	nshkmpsl.elf
Detection:	MAL
Classification:	mal64.troj.linELF@0/0@26/0

Runtime Messages

Command:	/tmp/nshkmpsl.elf
PID:	5542
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	I just wanna look after my cats, man.
Standard Error:

Process Tree

system is lnxubuntu20

nshkmpsl.elf (PID: 5542, Parent: 5467, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/nshkmpsl.elf

nshkmpsl.elf New Fork (PID: 5544, Parent: 5542)

nshkmpsl.elf New Fork (PID: 5599, Parent: 5544)

nshkmpsl.elf New Fork (PID: 5609, Parent: 5599)

nshkmpsl.elf New Fork (PID: 5615, Parent: 5609)

nshkmpsl.elf New Fork (PID: 5546, Parent: 5542)

nshkmpsl.elf New Fork (PID: 5567, Parent: 5546)

nshkmpsl.elf New Fork (PID: 5571, Parent: 5567)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Mirai	Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.	No Attribution	http://osint.bambenekconsulting.com/feeds/ http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/ https://blog.malwaremustdie.org/2020/02/mmd-0065-2021-linuxmirai-fbot-re.html https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai-en/ https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
nshkmpsl.elf	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
5542.1.00007fcec4400000.00007fcec4415000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security
5544.1.00007fcec4400000.00007fcec4415000.r-x.sdmp	JoeSecurity_Mirai_8	Yara detected Mirai	Joe Security

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: nshkmpsl.elf

ReversingLabs: Detection: 18%

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 176.32.32.113 ports 17980,0,1,14705,5,8,10158
Source: global traffic	TCP traffic: 212.64.215.71 ports 7374,13474,25334,3,4,7,14104
Source: global traffic	TCP traffic: 212.60.5.153 ports 7374,19242,1655,3,4,7,10158,9939
Source: global traffic	TCP traffic: 212.192.13.95 ports 1,2,4,5,7,15247

Sends malformed DNS queries

Source: global traffic	DNS traffic detected: malformed DNS query: catvision.dyn. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: hikvision.geek. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: shitrocket.dyn. [malformed]
Source: global traffic	DNS traffic detected: malformed DNS query: catlovingfools.geek. [malformed]

Source: global traffic	TCP traffic: 192.168.2.15:55948 -> 212.64.215.71:7374
Source: global traffic	TCP traffic: 192.168.2.15:42020 -> 212.60.5.153:7374
Source: global traffic	TCP traffic: 192.168.2.15:60386 -> 176.32.32.113:10158
Source: global traffic	TCP traffic: 192.168.2.15:56826 -> 86.107.100.19:8672
Source: global traffic	TCP traffic: 192.168.2.15:54052 -> 185.72.8.231:1655
Source: global traffic	TCP traffic: 192.168.2.15:39822 -> 212.192.13.95:15247

Source: /tmp/nshkmpsl.elf (PID: 5542)

Socket: 127.0.0.1:1172

Jump to behavior

Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 217.160.70.42
Source: unknown	UDP traffic detected without corresponding DNS query: 168.138.12.137
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 81.169.136.222
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134
Source: unknown	UDP traffic detected without corresponding DNS query: 152.53.15.127
Source: unknown	UDP traffic detected without corresponding DNS query: 194.36.144.87
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 213.202.211.221
Source: unknown	UDP traffic detected without corresponding DNS query: 168.138.12.137
Source: unknown	UDP traffic detected without corresponding DNS query: 185.181.61.24
Source: unknown	UDP traffic detected without corresponding DNS query: 80.152.203.134

Source: global traffic	DNS traffic detected: DNS query: shitrocket.dyn
Source: global traffic	DNS traffic detected: DNS query: hikvision.geek
Source: global traffic	DNS traffic detected: DNS query: catvision.dyn. [malformed]
Source: global traffic	DNS traffic detected: DNS query: catlovingfools.geek
Source: global traffic	DNS traffic detected: DNS query: hikvision.geek. [malformed]
Source: global traffic	DNS traffic detected: DNS query: shitrocket.dyn. [malformed]
Source: global traffic	DNS traffic detected: DNS query: catlovingfools.geek. [malformed]

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal64.troj.linELF@0/0@26/0

Source: /tmp/nshkmpsl.elf (PID: 5542)

Queries kernel information via 'uname':

Jump to behavior

Source: nshkmpsl.elf, 5542.1.000055cf0337a000.000055cf03423000.rw-.sdmp, nshkmpsl.elf, 5544.1.000055cf0337a000.000055cf03423000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: nshkmpsl.elf, 5542.1.00007ffe33f13000.00007ffe33f34000.rw-.sdmp, nshkmpsl.elf, 5544.1.00007ffe33f13000.00007ffe33f34000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/nshkmpsl.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/nshkmpsl.elf
Source: nshkmpsl.elf, 5542.1.000055cf0337a000.000055cf03423000.rw-.sdmp, nshkmpsl.elf, 5544.1.000055cf0337a000.000055cf03423000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: nshkmpsl.elf, 5542.1.00007ffe33f13000.00007ffe33f34000.rw-.sdmp, nshkmpsl.elf, 5544.1.00007ffe33f13000.00007ffe33f34000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Stealing of Sensitive Information

Yara detected Mirai

Source: Yara match	File source: nshkmpsl.elf, type: SAMPLE
Source: Yara match	File source: 5542.1.00007fcec4400000.00007fcec4415000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5544.1.00007fcec4400000.00007fcec4415000.r-x.sdmp, type: MEMORY

Remote Access Functionality

Yara detected Mirai

Source: Yara match	File source: nshkmpsl.elf, type: SAMPLE
Source: Yara match	File source: 5542.1.00007fcec4400000.00007fcec4415000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5544.1.00007fcec4400000.00007fcec4415000.r-x.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
nshkmpsl.elf	18%	ReversingLabs	Linux.Trojan.Mirai

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
shitrocket.dyn	86.107.100.19	true	false	high
catlovingfools.geek	212.60.5.153	true	false	high
hikvision.geek	86.107.100.19	true	false	high
catlovingfools.geek. [malformed]	unknown	unknown	false	high
hikvision.geek. [malformed]	unknown	unknown	false	high
shitrocket.dyn. [malformed]	unknown	unknown	false	high
catvision.dyn. [malformed]	unknown	unknown	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.72.8.231	unknown	Russian Federation	57844	SPD-NETTR	false
176.32.32.113	unknown	Russian Federation	51659	ASBAXETRU	true
212.64.215.71	unknown	Turkey	15395	RACKSPACE-LONGB	true
212.60.5.153	catlovingfools.geek	Russian Federation	49392	ASBAXETNRU	false
212.192.13.95	unknown	Russian Federation	49392	ASBAXETNRU	true
86.107.100.19	shitrocket.dyn	Romania	38995	AMG-ASRO	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
212.64.215.71	nshkppc.elf	Get hash	malicious	Unknown	Browse
	nshkmpsl.elf	Get hash	malicious	Unknown	Browse
	nshkmips.elf	Get hash	malicious	Unknown	Browse
	nshkarm7.elf	Get hash	malicious	Unknown	Browse
	nshkarm5.elf	Get hash	malicious	Unknown	Browse
	nshkarm.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
hikvision.geek	nshkarm7.elf	Get hash	malicious	Mirai	Browse	212.192.13.95
	nshkmips.elf	Get hash	malicious	Mirai	Browse	80.78.26.121
	arm4.elf	Get hash	malicious	Mirai	Browse	212.60.5.153
shitrocket.dyn	nshkmips.elf	Get hash	malicious	Mirai	Browse	176.32.32.113
shitrocket.dyn	nsharm7.elf	Get hash	malicious	Mirai	Browse	212.192.13.95
catlovingfools.geek	nshkarm7.elf	Get hash	malicious	Mirai	Browse	212.192.13.95
	nshkmips.elf	Get hash	malicious	Mirai	Browse	80.78.26.121
	nsharm7.elf	Get hash	malicious	Mirai	Browse	80.78.26.121

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ASBAXETRU	UPDATED CONTRACT.exe	Get hash	malicious	FormBook	Browse	176.32.38.130
	quotation.exe	Get hash	malicious	FormBook	Browse	176.32.38.130
	ppc.elf	Get hash	malicious	Unknown	Browse	45.147.200.148
	hmips.elf	Get hash	malicious	Unknown	Browse	45.147.200.148
	arm4.elf	Get hash	malicious	Unknown	Browse	45.140.169.21
	mips.elf	Get hash	malicious	Unknown	Browse	176.32.39.112
	ppc.elf	Get hash	malicious	Unknown	Browse	176.32.39.112
	hmips.elf	Get hash	malicious	Unknown	Browse	185.22.155.152
	PAYMENT_ADVICE.exe	Get hash	malicious	FormBook	Browse	176.32.38.183
	specifications.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	176.32.38.130
SPD-NETTR	mipsel.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	2.58.124.230
	63Blg3Psdt.exe	Get hash	malicious	DCRat	Browse	185.118.143.220
	https://vmehy.daxizzobui.top/	Get hash	malicious	Unknown	Browse	195.133.45.183
	http://umjkitjtsk.top/crp/325gewfkj345	Get hash	malicious	Unknown	Browse	195.133.45.183
	http://draggedline.org	Get hash	malicious	Unknown	Browse	45.12.65.149
	LisectAVT_2403002C_106.exe	Get hash	malicious	Darkbot	Browse	195.133.45.237
	611479C78035C912DD69E3CFDADBF74649BB1FCE6241B7573CFB0C7A2FC2FB2F.exe	Get hash	malicious	Bdaejec, PrivateLoader	Browse	212.193.30.29
	wO2hW34tnC.elf	Get hash	malicious	Mirai, Gafgyt, Okiru	Browse	45.158.226.175
	pVwXSHLriO.elf	Get hash	malicious	Mirai, Moobot	Browse	45.67.86.157
	na.elf	Get hash	malicious	Mirai	Browse	185.118.141.106
RACKSPACE-LONGB	1.elf	Get hash	malicious	Unknown	Browse	146.177.192.99
	nshkppc.elf	Get hash	malicious	Unknown	Browse	212.64.215.71
	nshkmpsl.elf	Get hash	malicious	Unknown	Browse	212.64.215.71
	nshkmips.elf	Get hash	malicious	Unknown	Browse	212.64.215.71
	nshkarm7.elf	Get hash	malicious	Unknown	Browse	212.64.215.71
	nshkarm5.elf	Get hash	malicious	Unknown	Browse	212.64.215.71
	nshkarm.elf	Get hash	malicious	Unknown	Browse	212.64.215.71
	i686.elf	Get hash	malicious	Mirai	Browse	92.52.99.131
	mips.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	89.234.28.7
	Josho.arm.elf	Get hash	malicious	Unknown	Browse	89.234.45.46
ASBAXETNRU	billys.exe	Get hash	malicious	Meduza Stealer	Browse	45.130.145.152
	ruppert.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	45.130.145.152
	SwJD3kiOwV.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	194.87.47.113
	8dw8GAvqmM.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	194.87.47.113
	UYJ0oreVew.exe	Get hash	malicious	Unknown	Browse	194.87.47.113
	L1SrJoDQvG.exe	Get hash	malicious	Unknown	Browse	194.87.47.113
	Ry6ot1YULB.exe	Get hash	malicious	Unknown	Browse	194.87.47.113
	Cc8zEnIDB2.exe	Get hash	malicious	Unknown	Browse	194.87.47.113
	wlEp68Few5.exe	Get hash	malicious	Unknown	Browse	194.87.47.113
	rJvOqHxkuI.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse	194.87.47.113

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.503841976635384
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	nshkmpsl.elf
File size:	89'220 bytes
MD5:	93fd486b11295b3afe342235f19939b2
SHA1:	54b411b7fdce6c81dfb49114d4c6acb0bc0d2b83
SHA256:	2715dd927cb888ecfda97e09465bc205aeed6e58eadcace8efd9ca5b1e62be0f
SHA512:	7fff382a259db1679b5145b16099eb93525ad0eb51967ddef1dd92336ea53b7744b493d7fc6ac0ac06ae23f21035fc885fc4457ce9b0524b9081f68e6d7b8e8c
SSDEEP:	1536:RtUfvdidDbBonozWoK3DHAVSlzZqAtAfDiPQHJcSxnck:RtUfls/BYbAVWzYBhxnc
TLSH:	7593F70ABF615EF7D86FCD3746B90B0234CC555722A82B363934D82CB55B24B5AD3CA8
File Content Preview:	.ELF....................`.@.4...TZ......4. ...(...............@...@..L...L...............P...PE..PE.....x[..........Q.td...............................<L..'!......'.......................<(..'!... .........9'.. ........................<...'!........... 19

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	88660
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0x13070	0x0	0x6	AX	16
.fini	PROGBITS	0x413190	0x13190	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x4131f0	0x131f0	0x1ab0	0x0	0x2	A	16
.ctors	PROGBITS	0x455000	0x15000	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x455008	0x15008	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x455014	0x15014	0x4	0x0	0x3	WA	4
.data	PROGBITS	0x455020	0x15020	0x3c8	0x0	0x3	WA	16
.got	PROGBITS	0x4553f0	0x153f0	0x600	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x4559f0	0x159f0	0x28	0x0	0x10000003	WAp	4
.bss	NOBITS	0x455a20	0x159f0	0x5158	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0xc3c	0x159f0	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x159f0	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x14ca0	0x14ca0	5.5759	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x15000	0x455000	0x455000	0x9f0	0x5b78	3.6442	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 21, 2024 04:01:54.559247017 CET	55948	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:01:54.571409941 CET	55950	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:01:54.678930044 CET	7374	55948	212.64.215.71	192.168.2.15
Dec 21, 2024 04:01:54.679052114 CET	55948	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:01:54.679335117 CET	55948	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:01:54.690958023 CET	7374	55950	212.64.215.71	192.168.2.15
Dec 21, 2024 04:01:54.691215038 CET	55950	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:01:54.691251040 CET	55950	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:01:54.798748970 CET	7374	55948	212.64.215.71	192.168.2.15
Dec 21, 2024 04:01:54.798866034 CET	55948	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:01:54.808625937 CET	42020	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:01:54.810725927 CET	7374	55950	212.64.215.71	192.168.2.15
Dec 21, 2024 04:01:54.810839891 CET	55950	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:01:54.821578979 CET	42022	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:01:54.918433905 CET	7374	55948	212.64.215.71	192.168.2.15
Dec 21, 2024 04:01:54.928129911 CET	7374	42020	212.60.5.153	192.168.2.15
Dec 21, 2024 04:01:54.928247929 CET	42020	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:01:54.928627014 CET	42020	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:01:54.930780888 CET	7374	55950	212.64.215.71	192.168.2.15
Dec 21, 2024 04:01:54.941063881 CET	7374	42022	212.60.5.153	192.168.2.15
Dec 21, 2024 04:01:54.941122055 CET	42022	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:01:54.941381931 CET	42022	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:01:55.048122883 CET	7374	42020	212.60.5.153	192.168.2.15
Dec 21, 2024 04:01:55.048240900 CET	42020	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:01:55.060857058 CET	7374	42022	212.60.5.153	192.168.2.15
Dec 21, 2024 04:01:55.060916901 CET	42022	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:01:55.167975903 CET	7374	42020	212.60.5.153	192.168.2.15
Dec 21, 2024 04:01:55.181082010 CET	7374	42022	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:04.683530092 CET	55948	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:04.701183081 CET	55950	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:04.803035975 CET	7374	55948	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:04.821125031 CET	7374	55950	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:04.936996937 CET	42020	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:04.948939085 CET	42022	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:05.056564093 CET	7374	42020	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:05.068444014 CET	7374	42022	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:16.582125902 CET	7374	55950	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:16.582154989 CET	7374	55948	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:16.582890987 CET	55948	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:16.583818913 CET	55950	7374	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:16.707495928 CET	7374	55948	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:16.707510948 CET	7374	55950	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:21.827792883 CET	60386	10158	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:21.828133106 CET	51904	10158	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:21.947345972 CET	10158	60386	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:21.947559118 CET	10158	51904	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:21.947608948 CET	60386	10158	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:21.947635889 CET	51904	10158	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:21.947727919 CET	51904	10158	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:21.947799921 CET	60386	10158	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:22.067210913 CET	10158	51904	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:22.067234039 CET	10158	60386	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:22.067332029 CET	51904	10158	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:22.067343950 CET	60386	10158	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:22.144921064 CET	7374	42020	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:22.145229101 CET	42020	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:22.145349979 CET	42020	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:22.186830044 CET	10158	51904	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:22.186844110 CET	10158	60386	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:27.387700081 CET	33202	14104	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:27.507224083 CET	14104	33202	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:27.507350922 CET	33202	14104	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:27.507491112 CET	33202	14104	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:27.627039909 CET	14104	33202	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:27.627132893 CET	33202	14104	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:27.746711016 CET	14104	33202	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:41.571840048 CET	7374	42022	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:41.572244883 CET	42022	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:41.573026896 CET	42022	7374	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:42.114841938 CET	14104	33202	212.64.215.71	192.168.2.15
Dec 21, 2024 04:02:42.115209103 CET	33202	14104	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:42.115277052 CET	33202	14104	192.168.2.15	212.64.215.71
Dec 21, 2024 04:02:43.848332882 CET	10158	60386	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:43.848619938 CET	60386	10158	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:43.968338966 CET	10158	60386	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:47.224525928 CET	56826	8672	192.168.2.15	86.107.100.19
Dec 21, 2024 04:02:47.344489098 CET	8672	56826	86.107.100.19	192.168.2.15
Dec 21, 2024 04:02:47.344970942 CET	56826	8672	192.168.2.15	86.107.100.19
Dec 21, 2024 04:02:47.344970942 CET	56826	8672	192.168.2.15	86.107.100.19
Dec 21, 2024 04:02:47.464854002 CET	8672	56826	86.107.100.19	192.168.2.15
Dec 21, 2024 04:02:47.465109110 CET	56826	8672	192.168.2.15	86.107.100.19
Dec 21, 2024 04:02:47.585220098 CET	8672	56826	86.107.100.19	192.168.2.15
Dec 21, 2024 04:02:47.625499010 CET	43958	9939	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:47.745815039 CET	9939	43958	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:47.746247053 CET	43958	9939	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:47.746459961 CET	43958	9939	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:47.866594076 CET	9939	43958	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:47.866981030 CET	43958	9939	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:47.986548901 CET	9939	43958	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:48.079629898 CET	10158	51904	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:48.079909086 CET	51904	10158	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:48.079926968 CET	51904	10158	192.168.2.15	212.60.5.153
Dec 21, 2024 04:02:48.199619055 CET	10158	51904	212.60.5.153	192.168.2.15
Dec 21, 2024 04:02:49.118294954 CET	33238	17980	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:49.237920046 CET	17980	33238	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:49.238100052 CET	33238	17980	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:49.238271952 CET	33238	17980	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:49.357949972 CET	17980	33238	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:49.358197927 CET	33238	17980	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:49.477838993 CET	17980	33238	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:53.343099117 CET	46956	14705	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:53.462960005 CET	14705	46956	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:53.463135004 CET	46956	14705	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:53.463217974 CET	46956	14705	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:53.582811117 CET	14705	46956	176.32.32.113	192.168.2.15
Dec 21, 2024 04:02:53.583059072 CET	46956	14705	192.168.2.15	176.32.32.113
Dec 21, 2024 04:02:53.702814102 CET	14705	46956	176.32.32.113	192.168.2.15
Dec 21, 2024 04:03:02.614383936 CET	8672	56826	86.107.100.19	192.168.2.15
Dec 21, 2024 04:03:02.614655018 CET	56826	8672	192.168.2.15	86.107.100.19
Dec 21, 2024 04:03:02.734289885 CET	8672	56826	86.107.100.19	192.168.2.15
Dec 21, 2024 04:03:07.863507032 CET	49816	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:07.984539986 CET	25334	49816	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:07.984858036 CET	49816	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:07.984858036 CET	49816	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:08.105180025 CET	25334	49816	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:08.105451107 CET	49816	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:08.225596905 CET	25334	49816	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:09.443557024 CET	25334	49816	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:09.443833113 CET	49816	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:09.444021940 CET	49816	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:15.448174953 CET	49818	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:15.568221092 CET	25334	49818	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:15.568517923 CET	49818	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:15.568597078 CET	49818	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:15.688504934 CET	25334	49818	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:15.688847065 CET	49818	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:15.809037924 CET	25334	49818	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:17.019448996 CET	25334	49818	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:17.019850016 CET	49818	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:17.019850016 CET	49818	25334	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:27.276920080 CET	60450	19242	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:27.396723986 CET	19242	60450	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:27.396939993 CET	60450	19242	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:27.396971941 CET	60450	19242	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:27.516642094 CET	19242	60450	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:27.516866922 CET	60450	19242	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:27.636730909 CET	19242	60450	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:32.486654043 CET	9939	43958	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:32.486975908 CET	43958	9939	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:32.487107038 CET	43958	9939	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:32.796400070 CET	17980	33238	176.32.32.113	192.168.2.15
Dec 21, 2024 04:03:32.796719074 CET	33238	17980	192.168.2.15	176.32.32.113
Dec 21, 2024 04:03:32.916627884 CET	17980	33238	176.32.32.113	192.168.2.15
Dec 21, 2024 04:03:37.738765955 CET	54052	1655	192.168.2.15	185.72.8.231
Dec 21, 2024 04:03:37.858406067 CET	1655	54052	185.72.8.231	192.168.2.15
Dec 21, 2024 04:03:37.858612061 CET	54052	1655	192.168.2.15	185.72.8.231
Dec 21, 2024 04:03:37.858814955 CET	54052	1655	192.168.2.15	185.72.8.231
Dec 21, 2024 04:03:37.978568077 CET	1655	54052	185.72.8.231	192.168.2.15
Dec 21, 2024 04:03:37.978694916 CET	54052	1655	192.168.2.15	185.72.8.231
Dec 21, 2024 04:03:38.061131001 CET	33258	1655	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:38.098534107 CET	1655	54052	185.72.8.231	192.168.2.15
Dec 21, 2024 04:03:38.181009054 CET	1655	33258	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:38.181214094 CET	33258	1655	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:38.181304932 CET	33258	1655	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:38.300760984 CET	1655	33258	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:38.300916910 CET	33258	1655	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:38.421226025 CET	1655	33258	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:39.222122908 CET	1655	54052	185.72.8.231	192.168.2.15
Dec 21, 2024 04:03:39.222465992 CET	54052	1655	192.168.2.15	185.72.8.231
Dec 21, 2024 04:03:39.222548962 CET	54052	1655	192.168.2.15	185.72.8.231
Dec 21, 2024 04:03:43.487241030 CET	46956	14705	192.168.2.15	176.32.32.113
Dec 21, 2024 04:03:43.607160091 CET	14705	46956	176.32.32.113	192.168.2.15
Dec 21, 2024 04:03:44.866132021 CET	39822	15247	192.168.2.15	212.192.13.95
Dec 21, 2024 04:03:44.985836029 CET	15247	39822	212.192.13.95	192.168.2.15
Dec 21, 2024 04:03:44.986084938 CET	39822	15247	192.168.2.15	212.192.13.95
Dec 21, 2024 04:03:44.986129999 CET	39822	15247	192.168.2.15	212.192.13.95
Dec 21, 2024 04:03:45.107363939 CET	15247	39822	212.192.13.95	192.168.2.15
Dec 21, 2024 04:03:45.107666016 CET	39822	15247	192.168.2.15	212.192.13.95
Dec 21, 2024 04:03:45.228848934 CET	15247	39822	212.192.13.95	192.168.2.15
Dec 21, 2024 04:03:48.191494942 CET	33258	1655	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:48.311295033 CET	1655	33258	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:51.898953915 CET	14705	46956	176.32.32.113	192.168.2.15
Dec 21, 2024 04:03:51.899107933 CET	46956	14705	192.168.2.15	176.32.32.113
Dec 21, 2024 04:03:51.899393082 CET	46956	14705	192.168.2.15	176.32.32.113
Dec 21, 2024 04:03:53.242819071 CET	19242	60450	212.60.5.153	192.168.2.15
Dec 21, 2024 04:03:53.242955923 CET	60450	19242	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:53.243017912 CET	60450	19242	192.168.2.15	212.60.5.153
Dec 21, 2024 04:03:57.163939953 CET	58748	13474	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:57.283463001 CET	13474	58748	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:57.283720016 CET	58748	13474	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:57.283826113 CET	58748	13474	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:57.403351068 CET	13474	58748	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:57.403542995 CET	58748	13474	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:57.523099899 CET	13474	58748	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:58.732995033 CET	13474	58748	212.64.215.71	192.168.2.15
Dec 21, 2024 04:03:58.733186007 CET	58748	13474	192.168.2.15	212.64.215.71
Dec 21, 2024 04:03:58.733236074 CET	58748	13474	192.168.2.15	212.64.215.71

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 21, 2024 04:01:54.305421114 CET	51265	53	192.168.2.15	152.53.15.127
Dec 21, 2024 04:01:54.311675072 CET	46659	53	192.168.2.15	152.53.15.127
Dec 21, 2024 04:01:54.553522110 CET	53	51265	152.53.15.127	192.168.2.15
Dec 21, 2024 04:01:54.554771900 CET	48680	53	192.168.2.15	152.53.15.127
Dec 21, 2024 04:01:54.561974049 CET	53	46659	152.53.15.127	192.168.2.15
Dec 21, 2024 04:01:54.576567888 CET	43992	53	192.168.2.15	152.53.15.127
Dec 21, 2024 04:01:54.807228088 CET	53	48680	152.53.15.127	192.168.2.15
Dec 21, 2024 04:01:54.820494890 CET	53	43992	152.53.15.127	192.168.2.15
Dec 21, 2024 04:02:21.589271069 CET	55579	53	192.168.2.15	217.160.70.42
Dec 21, 2024 04:02:21.589612007 CET	36157	53	192.168.2.15	217.160.70.42
Dec 21, 2024 04:02:21.826581001 CET	53	55579	217.160.70.42	192.168.2.15
Dec 21, 2024 04:02:21.826713085 CET	53	36157	217.160.70.42	192.168.2.15
Dec 21, 2024 04:02:27.149137974 CET	55487	53	192.168.2.15	217.160.70.42
Dec 21, 2024 04:02:27.386816025 CET	53	55487	217.160.70.42	192.168.2.15
Dec 21, 2024 04:02:46.577563047 CET	40624	53	192.168.2.15	217.160.70.42
Dec 21, 2024 04:02:46.815232992 CET	53	40624	217.160.70.42	192.168.2.15
Dec 21, 2024 04:02:46.816817999 CET	36816	53	192.168.2.15	168.138.12.137
Dec 21, 2024 04:02:47.118609905 CET	40102	53	192.168.2.15	185.181.61.24
Dec 21, 2024 04:02:47.222345114 CET	53	36816	168.138.12.137	192.168.2.15
Dec 21, 2024 04:02:47.379112005 CET	53	40102	185.181.61.24	192.168.2.15
Dec 21, 2024 04:02:47.381746054 CET	59984	53	192.168.2.15	194.36.144.87
Dec 21, 2024 04:02:47.623387098 CET	53	59984	194.36.144.87	192.168.2.15
Dec 21, 2024 04:02:48.852356911 CET	33814	53	192.168.2.15	185.181.61.24
Dec 21, 2024 04:02:49.117253065 CET	53	33814	185.181.61.24	192.168.2.15
Dec 21, 2024 04:02:53.084192038 CET	46088	53	192.168.2.15	185.181.61.24
Dec 21, 2024 04:02:53.341444969 CET	53	46088	185.181.61.24	192.168.2.15
Dec 21, 2024 04:03:07.617906094 CET	50607	53	192.168.2.15	194.36.144.87
Dec 21, 2024 04:03:07.861918926 CET	53	50607	194.36.144.87	192.168.2.15
Dec 21, 2024 04:03:14.449956894 CET	47709	53	192.168.2.15	194.36.144.87
Dec 21, 2024 04:03:14.699279070 CET	53	47709	194.36.144.87	192.168.2.15
Dec 21, 2024 04:03:14.701987982 CET	53298	53	192.168.2.15	81.169.136.222
Dec 21, 2024 04:03:14.940629959 CET	53	53298	81.169.136.222	192.168.2.15
Dec 21, 2024 04:03:14.941910982 CET	33960	53	192.168.2.15	185.181.61.24
Dec 21, 2024 04:03:15.198385954 CET	53	33960	185.181.61.24	192.168.2.15
Dec 21, 2024 04:03:15.200052977 CET	55369	53	192.168.2.15	152.53.15.127
Dec 21, 2024 04:03:15.445832014 CET	53	55369	152.53.15.127	192.168.2.15
Dec 21, 2024 04:03:22.023097992 CET	35762	53	192.168.2.15	80.152.203.134
Dec 21, 2024 04:03:27.029989004 CET	56984	53	192.168.2.15	152.53.15.127
Dec 21, 2024 04:03:27.275705099 CET	53	56984	152.53.15.127	192.168.2.15
Dec 21, 2024 04:03:37.491731882 CET	48581	53	192.168.2.15	194.36.144.87
Dec 21, 2024 04:03:37.737339973 CET	53	48581	194.36.144.87	192.168.2.15
Dec 21, 2024 04:03:37.801215887 CET	57429	53	192.168.2.15	185.181.61.24
Dec 21, 2024 04:03:38.058794975 CET	53	57429	185.181.61.24	192.168.2.15
Dec 21, 2024 04:03:44.226035118 CET	48518	53	192.168.2.15	213.202.211.221
Dec 21, 2024 04:03:44.459717989 CET	53	48518	213.202.211.221	192.168.2.15
Dec 21, 2024 04:03:44.461800098 CET	45381	53	192.168.2.15	168.138.12.137
Dec 21, 2024 04:03:44.865205050 CET	53	45381	168.138.12.137	192.168.2.15
Dec 21, 2024 04:03:56.902652979 CET	40596	53	192.168.2.15	185.181.61.24
Dec 21, 2024 04:03:57.162595987 CET	53	40596	185.181.61.24	192.168.2.15
Dec 21, 2024 04:03:58.246939898 CET	40431	53	192.168.2.15	80.152.203.134

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 21, 2024 04:01:54.305421114 CET	192.168.2.15	152.53.15.127	0xa8c8	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.311675072 CET	192.168.2.15	152.53.15.127	0xa8c8	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.554771900 CET	192.168.2.15	152.53.15.127	0xa8c8	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.576567888 CET	192.168.2.15	152.53.15.127	0xa8c8	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.589271069 CET	192.168.2.15	217.160.70.42	0x29cf	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.589612007 CET	192.168.2.15	217.160.70.42	0x29cf	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:27.149137974 CET	192.168.2.15	217.160.70.42	0x29cf	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:46.577563047 CET	192.168.2.15	217.160.70.42	0x29cf	Standard query (0)	catvision.dyn. [malformed]	256	470	false
Dec 21, 2024 04:02:46.816817999 CET	192.168.2.15	168.138.12.137	0x14bd	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.118609905 CET	192.168.2.15	185.181.61.24	0xfbc4	Standard query (0)	catvision.dyn. [malformed]	256	471	false
Dec 21, 2024 04:02:47.381746054 CET	192.168.2.15	194.36.144.87	0x156	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:48.852356911 CET	192.168.2.15	185.181.61.24	0xfbc4	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:53.084192038 CET	192.168.2.15	185.181.61.24	0xfbc4	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:07.617906094 CET	192.168.2.15	194.36.144.87	0x156	Standard query (0)	catlovingfools.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:14.449956894 CET	192.168.2.15	194.36.144.87	0x951d	Standard query (0)	hikvision.geek. [malformed]	256	498	false
Dec 21, 2024 04:03:14.701987982 CET	192.168.2.15	81.169.136.222	0xe7ed	Standard query (0)	shitrocket.dyn. [malformed]	256	498	false
Dec 21, 2024 04:03:14.941910982 CET	192.168.2.15	185.181.61.24	0x6877	Standard query (0)	catlovingfools.geek. [malformed]	256	499	false
Dec 21, 2024 04:03:15.200052977 CET	192.168.2.15	152.53.15.127	0xb634	Standard query (0)	catvision.dyn. [malformed]	256	499	false
Dec 21, 2024 04:03:22.023097992 CET	192.168.2.15	80.152.203.134	0x35b	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:27.029989004 CET	192.168.2.15	152.53.15.127	0xc9c3	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.491731882 CET	192.168.2.15	194.36.144.87	0x951d	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.801215887 CET	192.168.2.15	185.181.61.24	0x829f	Standard query (0)	shitrocket.dyn	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:44.226035118 CET	192.168.2.15	213.202.211.221	0x3ed9	Standard query (0)	catvision.dyn. [malformed]	256	272	false
Dec 21, 2024 04:03:44.461800098 CET	192.168.2.15	168.138.12.137	0xb2f3	Standard query (0)	hikvision.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:56.902652979 CET	192.168.2.15	185.181.61.24	0x829f	Standard query (0)	catlovingfools.geek	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:58.246939898 CET	192.168.2.15	80.152.203.134	0xb21a	Standard query (0)	catvision.dyn. [malformed]	256	286	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 21, 2024 04:01:54.553522110 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.553522110 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.553522110 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.553522110 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.553522110 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.553522110 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.553522110 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.561974049 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.561974049 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.561974049 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.561974049 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.561974049 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.561974049 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.561974049 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.807228088 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.807228088 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.807228088 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.807228088 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.807228088 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.807228088 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.807228088 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.820494890 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.820494890 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.820494890 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.820494890 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.820494890 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.820494890 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:01:54.820494890 CET	152.53.15.127	192.168.2.15	0xa8c8	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826581001 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826581001 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826581001 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826581001 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826581001 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826581001 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826581001 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826713085 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826713085 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826713085 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826713085 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826713085 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826713085 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:21.826713085 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:27.386816025 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:27.386816025 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:27.386816025 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:27.386816025 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:27.386816025 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:27.386816025 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:27.386816025 CET	217.160.70.42	192.168.2.15	0x29cf	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.222345114 CET	168.138.12.137	192.168.2.15	0x14bd	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.222345114 CET	168.138.12.137	192.168.2.15	0x14bd	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.222345114 CET	168.138.12.137	192.168.2.15	0x14bd	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.222345114 CET	168.138.12.137	192.168.2.15	0x14bd	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.222345114 CET	168.138.12.137	192.168.2.15	0x14bd	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.222345114 CET	168.138.12.137	192.168.2.15	0x14bd	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.222345114 CET	168.138.12.137	192.168.2.15	0x14bd	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.623387098 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.623387098 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.623387098 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.623387098 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.623387098 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.623387098 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:47.623387098 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:49.117253065 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:49.117253065 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:49.117253065 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:49.117253065 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:49.117253065 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:49.117253065 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:49.117253065 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:53.341444969 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:53.341444969 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:53.341444969 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:53.341444969 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:53.341444969 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:53.341444969 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:02:53.341444969 CET	185.181.61.24	192.168.2.15	0xfbc4	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:07.861918926 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	catlovingfools.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:07.861918926 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	catlovingfools.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:07.861918926 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	catlovingfools.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:07.861918926 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	catlovingfools.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:07.861918926 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	catlovingfools.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:07.861918926 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	catlovingfools.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:07.861918926 CET	194.36.144.87	192.168.2.15	0x156	No error (0)	catlovingfools.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:14.699279070 CET	194.36.144.87	192.168.2.15	0x951d	Format error (1)	hikvision.geek. [malformed]	none	none	256	498	false
Dec 21, 2024 04:03:15.445832014 CET	152.53.15.127	192.168.2.15	0xb634	Format error (1)	catvision.dyn. [malformed]	none	none	256	499	false
Dec 21, 2024 04:03:27.275705099 CET	152.53.15.127	192.168.2.15	0xc9c3	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:27.275705099 CET	152.53.15.127	192.168.2.15	0xc9c3	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:27.275705099 CET	152.53.15.127	192.168.2.15	0xc9c3	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:27.275705099 CET	152.53.15.127	192.168.2.15	0xc9c3	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:27.275705099 CET	152.53.15.127	192.168.2.15	0xc9c3	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:27.275705099 CET	152.53.15.127	192.168.2.15	0xc9c3	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:27.275705099 CET	152.53.15.127	192.168.2.15	0xc9c3	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.737339973 CET	194.36.144.87	192.168.2.15	0x951d	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.737339973 CET	194.36.144.87	192.168.2.15	0x951d	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.737339973 CET	194.36.144.87	192.168.2.15	0x951d	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.737339973 CET	194.36.144.87	192.168.2.15	0x951d	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.737339973 CET	194.36.144.87	192.168.2.15	0x951d	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.737339973 CET	194.36.144.87	192.168.2.15	0x951d	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:37.737339973 CET	194.36.144.87	192.168.2.15	0x951d	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:38.058794975 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	shitrocket.dyn		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:38.058794975 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	shitrocket.dyn		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:38.058794975 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	shitrocket.dyn		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:38.058794975 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	shitrocket.dyn		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:38.058794975 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	shitrocket.dyn		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:38.058794975 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	shitrocket.dyn		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:38.058794975 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	shitrocket.dyn		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:44.865205050 CET	168.138.12.137	192.168.2.15	0xb2f3	No error (0)	hikvision.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:44.865205050 CET	168.138.12.137	192.168.2.15	0xb2f3	No error (0)	hikvision.geek		212.64.215.71	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:44.865205050 CET	168.138.12.137	192.168.2.15	0xb2f3	No error (0)	hikvision.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:44.865205050 CET	168.138.12.137	192.168.2.15	0xb2f3	No error (0)	hikvision.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:44.865205050 CET	168.138.12.137	192.168.2.15	0xb2f3	No error (0)	hikvision.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:44.865205050 CET	168.138.12.137	192.168.2.15	0xb2f3	No error (0)	hikvision.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:44.865205050 CET	168.138.12.137	192.168.2.15	0xb2f3	No error (0)	hikvision.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:57.162595987 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	catlovingfools.geek		212.60.5.153	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:57.162595987 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	catlovingfools.geek		212.192.13.95	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:57.162595987 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	catlovingfools.geek		185.72.8.231	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:57.162595987 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	catlovingfools.geek		80.78.26.121	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:57.162595987 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	catlovingfools.geek		86.107.100.19	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:57.162595987 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	catlovingfools.geek		176.32.32.113	A (IP address)	IN (0x0001)	false
Dec 21, 2024 04:03:57.162595987 CET	185.181.61.24	192.168.2.15	0x829f	No error (0)	catlovingfools.geek		212.64.215.71	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: nshkmpsl.elf PID: 5542, Parent PID: 5467

General

Start time (UTC):	03:01:53
Start date (UTC):	21/12/2024
Path:	/tmp/nshkmpsl.elf
Arguments:	/tmp/nshkmpsl.elf
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5544, Parent PID: 5542

General

Start time (UTC):	03:01:53
Start date (UTC):	21/12/2024
Path:	/tmp/nshkmpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5599, Parent PID: 5544

General

Start time (UTC):	03:01:53
Start date (UTC):	21/12/2024
Path:	/tmp/nshkmpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5609, Parent PID: 5599

General

Start time (UTC):	03:01:53
Start date (UTC):	21/12/2024
Path:	/tmp/nshkmpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5615, Parent PID: 5609

General

Start time (UTC):	03:01:53
Start date (UTC):	21/12/2024
Path:	/tmp/nshkmpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5546, Parent PID: 5542

General

Start time (UTC):	03:01:53
Start date (UTC):	21/12/2024
Path:	/tmp/nshkmpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5567, Parent PID: 5546

General

Start time (UTC):	03:01:53
Start date (UTC):	21/12/2024
Path:	/tmp/nshkmpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5571, Parent PID: 5567

General

Start time (UTC):	03:01:53
Start date (UTC):	21/12/2024
Path:	/tmp/nshkmpsl.elf
Arguments:	-
File size:	5773336 bytes
MD5 hash:	0d6f61f82cf2f781c6eb0661071d42d9

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report nshkmpsl.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

System Behavior

Analysis Process: nshkmpsl.elf PID: 5542, Parent PID: 5467

General

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5544, Parent PID: 5542

General

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5599, Parent PID: 5544

General

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5609, Parent PID: 5599

General

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5615, Parent PID: 5609

General

Chronological Activities

Analysis Process: nshkmpsl.elf PID: 5546, Parent PID: 5542

General

Chronological Activities

Linux Analysis Report
nshkmpsl.elf