Linux
Analysis Report
zerm68k.elf
Overview
General Information
Sample name: | zerm68k.elf |
Analysis ID: | 1623726 |
MD5: | 61a6caec8d51f94f4c0cdba768da6bb7 |
SHA1: | fb698a8e652614b3405c7e694783672fdb609d35 |
SHA256: | a00113e0ae5ac6c5c207c295df85a874ff688b301f306d52dc6cf63722238c9e |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Score: | 52 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1623726 |
Start date and time: | 2025-02-25 14:28:15 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerm68k.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@23/0 |
Command: | /tmp/zerm68k.elf |
PID: | 6252 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | gosh that chinese family at the other table sure ate a lot |
Standard Error: |
- system is lnxubuntu20
- dash New Fork (PID: 6223, Parent: 4331)
- dash New Fork (PID: 6224, Parent: 4331)
- zerm68k.elf New Fork (PID: 6255, Parent: 6252)
- zerm68k.elf New Fork (PID: 6257, Parent: 6255)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
AV Detection |
---|
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS traffic detected: |
Source: | TCP traffic: | ||
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | .symtab present: |
Source: | Classification label: |
Source: | Rm executable: | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
39% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
serisontop.dyn | 157.245.23.184 | true | false | | high |
serisbot.geek | 209.97.177.154 | true | false | | high |
serisbot.geek. [malformed] | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
209.97.177.154 | serisbot.geek | United States | 14061 | DIGITALOCEAN-ASNUS | false |
64.225.80.213 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.240313653633905 |
TrID: |
|
File name: | zerm68k.elf |
File size: | 50'340 bytes |
MD5: | 61a6caec8d51f94f4c0cdba768da6bb7 |
SHA1: | fb698a8e652614b3405c7e694783672fdb609d35 |
SHA256: | a00113e0ae5ac6c5c207c295df85a874ff688b301f306d52dc6cf63722238c9e |
SHA512: | 540cf25abff81d4f38cdb93ea9d562f730271421eeb19e95e1d1b771aeed67df1cacce95c98f1b0631918d7bbc626084b9e4c7005bb2f161d7e7500fe748ae4b |
SSDEEP: | 768:wV6eHmLxHcx+osIAmWARGGJggfEy+x0E2TOyknf20gG0RhRwkv8Ljx:NgmL3IAnAkGJggfG2qyknrgG03RwS8p |
TLSH: | 8E3319DAB4019D3DF85BE7BE84134A0AB531375050A32B37636BFD936D332A45E26D82 |
File Content Preview: | .ELF.......................D...4.........4. ...(.................................. ............................... .dt.Q............................NV..a....da....xN^NuNV..J9....f>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X.........N^NuNV..N^NuN |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 49900 |
Section Header Size: | 40 |
Number of Section Headers: | 11 |
Header String Table Index: | 10 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.text | PROGBITS | 0x800000a8 | 0xa8 | 0xb9a2 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x8000ba4a | 0xba4a | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2 |
.rodata | PROGBITS | 0x8000ba58 | 0xba58 | 0x68e | 0x0 | 0x2 | A | 0 | 0 | 2 |
.ctors | PROGBITS | 0x8000e0ec | 0xc0ec | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x8000e0f4 | 0xc0f4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x8000e0fc | 0xc0fc | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x8000e100 | 0xc100 | 0x1a8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x8000e2a8 | 0xc2a8 | 0x22c | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xc2a8 | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xc0e6 | 0xc0e6 | 6.2820 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata |
LOAD | 0xc0ec | 0x8000e0ec | 0x8000e0ec | 0x1bc | 0x3e8 | 2.3181 | 0x6 | RW | 0x2000 | | .ctors .dtors .jcr .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | | |
- Total Packets: 85
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 25, 2025 14:29:03.392719030 CET | 192.168.2.23 | 168.235.111.72 | 0x74ac | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:14.722270966 CET | 192.168.2.23 | 185.181.61.24 | 0xe448 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:26.416675091 CET | 192.168.2.23 | 81.169.136.222 | 0xe5d0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:38.087332010 CET | 192.168.2.23 | 185.181.61.24 | 0x8dc3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:49.773356915 CET | 192.168.2.23 | 168.235.111.72 | 0xd197 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:01.565473080 CET | 192.168.2.23 | 168.235.111.72 | 0x25d6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:13.277523041 CET | 192.168.2.23 | 152.53.15.127 | 0xabda | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:24.618582964 CET | 192.168.2.23 | 152.53.15.127 | 0x868e | Standard query (0) | | 256 | 496 | false |
Feb 25, 2025 14:30:24.643218040 CET | 192.168.2.23 | 152.53.15.127 | 0x868e | Standard query (0) | | 256 | 496 | false |
Feb 25, 2025 14:30:24.662245035 CET | 192.168.2.23 | 152.53.15.127 | 0x868e | Standard query (0) | | 256 | 496 | false |
Feb 25, 2025 14:30:24.680119991 CET | 192.168.2.23 | 152.53.15.127 | 0x868e | Standard query (0) | | 256 | 496 | false |
Feb 25, 2025 14:30:24.698899031 CET | 192.168.2.23 | 152.53.15.127 | 0x868e | Standard query (0) | | 256 | 496 | false |
Feb 25, 2025 14:30:36.354002953 CET | 192.168.2.23 | 168.235.111.72 | 0xed01 | Standard query (0) | | 256 | 508 | false |
Feb 25, 2025 14:30:36.444354057 CET | 192.168.2.23 | 168.235.111.72 | 0xed01 | Standard query (0) | | 256 | 508 | false |
Feb 25, 2025 14:30:36.533633947 CET | 192.168.2.23 | 168.235.111.72 | 0xed01 | Standard query (0) | | 256 | 508 | false |
Feb 25, 2025 14:30:36.622375965 CET | 192.168.2.23 | 168.235.111.72 | 0xed01 | Standard query (0) | | 256 | 508 | false |
Feb 25, 2025 14:30:36.712228060 CET | 192.168.2.23 | 168.235.111.72 | 0xed01 | Standard query (0) | | 256 | 508 | false |
Feb 25, 2025 14:30:48.471760988 CET | 192.168.2.23 | 152.53.15.127 | 0x4ed | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:31:00.355592012 CET | 192.168.2.23 | 168.235.111.72 | 0xf185 | Standard query (0) | | 256 | 276 | false |
Feb 25, 2025 14:31:00.446085930 CET | 192.168.2.23 | 168.235.111.72 | 0xf185 | Standard query (0) | | 256 | 276 | false |
Feb 25, 2025 14:31:00.537074089 CET | 192.168.2.23 | 168.235.111.72 | 0xf185 | Standard query (0) | | 256 | 276 | false |
Feb 25, 2025 14:31:00.627854109 CET | 192.168.2.23 | 168.235.111.72 | 0xf185 | Standard query (0) | | 256 | 276 | false |
Feb 25, 2025 14:31:00.718888044 CET | 192.168.2.23 | 168.235.111.72 | 0xf185 | Standard query (0) | | 256 | 276 | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 25, 2025 14:29:03.480961084 CET | 168.235.111.72 | 192.168.2.23 | 0x74ac | No error (0) | | | 209.97.177.154 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:03.480961084 CET | 168.235.111.72 | 192.168.2.23 | 0x74ac | No error (0) | | | 157.245.23.184 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:03.480961084 CET | 168.235.111.72 | 192.168.2.23 | 0x74ac | No error (0) | | | 64.225.80.213 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:14.756897926 CET | 185.181.61.24 | 192.168.2.23 | 0xe448 | No error (0) | | | 209.97.177.154 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:14.756897926 CET | 185.181.61.24 | 192.168.2.23 | 0xe448 | No error (0) | | | 64.225.80.213 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:14.756897926 CET | 185.181.61.24 | 192.168.2.23 | 0xe448 | No error (0) | | | 157.245.23.184 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:26.446906090 CET | 81.169.136.222 | 192.168.2.23 | 0xe5d0 | No error (0) | | | 157.245.23.184 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:26.446906090 CET | 81.169.136.222 | 192.168.2.23 | 0xe5d0 | No error (0) | | | 209.97.177.154 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:26.446906090 CET | 81.169.136.222 | 192.168.2.23 | 0xe5d0 | No error (0) | | | 64.225.80.213 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:38.126035929 CET | 185.181.61.24 | 192.168.2.23 | 0x8dc3 | No error (0) | | | 157.245.23.184 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:38.126035929 CET | 185.181.61.24 | 192.168.2.23 | 0x8dc3 | No error (0) | | | 209.97.177.154 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:38.126035929 CET | 185.181.61.24 | 192.168.2.23 | 0x8dc3 | No error (0) | | | 64.225.80.213 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:49.862924099 CET | 168.235.111.72 | 192.168.2.23 | 0xd197 | No error (0) | | | 64.225.80.213 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:49.862924099 CET | 168.235.111.72 | 192.168.2.23 | 0xd197 | No error (0) | | | 157.245.23.184 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:29:49.862924099 CET | 168.235.111.72 | 192.168.2.23 | 0xd197 | No error (0) | | | 209.97.177.154 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:01.653105021 CET | 168.235.111.72 | 192.168.2.23 | 0x25d6 | No error (0) | | | 157.245.23.184 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:01.653105021 CET | 168.235.111.72 | 192.168.2.23 | 0x25d6 | No error (0) | | | 209.97.177.154 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:01.653105021 CET | 168.235.111.72 | 192.168.2.23 | 0x25d6 | No error (0) | | | 64.225.80.213 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:13.301076889 CET | 152.53.15.127 | 192.168.2.23 | 0xabda | No error (0) | | | 64.225.80.213 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:13.301076889 CET | 152.53.15.127 | 192.168.2.23 | 0xabda | No error (0) | | | 157.245.23.184 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:13.301076889 CET | 152.53.15.127 | 192.168.2.23 | 0xabda | No error (0) | | | 209.97.177.154 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:24.642118931 CET | 152.53.15.127 | 192.168.2.23 | 0x868e | Format error (1) | | none | none | 256 | 496 | false |
Feb 25, 2025 14:30:24.661012888 CET | 152.53.15.127 | 192.168.2.23 | 0x868e | Format error (1) | | none | none | 256 | 496 | false |
Feb 25, 2025 14:30:24.679457903 CET | 152.53.15.127 | 192.168.2.23 | 0x868e | Format error (1) | | none | none | 256 | 496 | false |
Feb 25, 2025 14:30:24.698261023 CET | 152.53.15.127 | 192.168.2.23 | 0x868e | Format error (1) | | none | none | 256 | 496 | false |
Feb 25, 2025 14:30:24.718827963 CET | 152.53.15.127 | 192.168.2.23 | 0x868e | Format error (1) | | none | none | 256 | 496 | false |
Feb 25, 2025 14:30:48.728627920 CET | 152.53.15.127 | 192.168.2.23 | 0x4ed | No error (0) | | | 157.245.23.184 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:48.728627920 CET | 152.53.15.127 | 192.168.2.23 | 0x4ed | No error (0) | | | 209.97.177.154 | A (IP address) | IN (0x0001) | false |
Feb 25, 2025 14:30:48.728627920 CET | 152.53.15.127 | 192.168.2.23 | 0x4ed | No error (0) | | | 64.225.80.213 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 13:28:58 |
Start date (UTC): | 25/02/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 13:28:58 |
Start date (UTC): | 25/02/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.hYanJrkwQ4 /tmp/tmp.XFy8ftwkSG /tmp/tmp.haTHZc3pvo |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 13:28:58 |
Start date (UTC): | 25/02/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 13:28:58 |
Start date (UTC): | 25/02/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.hYanJrkwQ4 /tmp/tmp.XFy8ftwkSG /tmp/tmp.haTHZc3pvo |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 13:29:02 |
Start date (UTC): | 25/02/2025 |
Path: | /tmp/zerm68k.elf |
Arguments: | /tmp/zerm68k.elf |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |
Start time (UTC): | 13:29:02 |
Start date (UTC): | 25/02/2025 |
Path: | /tmp/zerm68k.elf |
Arguments: | - |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |
Start time (UTC): | 13:29:02 |
Start date (UTC): | 25/02/2025 |
Path: | /tmp/zerm68k.elf |
Arguments: | - |
File size: | 4463432 bytes |
MD5 hash: | cd177594338c77b895ae27c33f8f86cc |