Linux
Analysis Report
zerarm5.elf
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1633215 |
Start date and time: | 2025-03-10 03:04:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerarm5.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@47/0 |
Command: | /tmp/zerarm5.elf |
PID: | 6270 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | gosh that chinese family at the other table sure ate a lot |
Standard Error: |
- system is lnxubuntu20
- zerarm5.elf New Fork (PID: 6272, Parent: 6270)
- zerarm5.elf New Fork (PID: 6274, Parent: 6272)
- dash New Fork (PID: 6284, Parent: 4341)
- dash New Fork (PID: 6285, Parent: 4341)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS traffic detected: |
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior | ||
Source: | Rm executable: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 File Deletion | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | Virustotal | Browse | ||
45% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ohlookthereismyboats.geek | 64.227.79.152 | true | false | high | |
watchmepull.dyn. [malformed] | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
159.89.101.70 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false | |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
45.147.251.145 | unknown | Germany | 197518 | RACKMARKTES | false | |
34.249.145.219 | unknown | United States | 16509 | AMAZON-02US | false | |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
34.249.145.219 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Gafgyt, Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Gafgyt | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
159.89.101.70 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
109.202.202.202 | Get hash | malicious | Unknown | Browse |
| |
45.147.251.145 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ohlookthereismyboats.geek | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
RACKMARKTES | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
INIT7CH | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Prometei | Browse |
| ||
DIGITALOCEAN-ASNUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
AMAZON-02US | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Prometei | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.993355397995043 |
TrID: |
|
File name: | zerarm5.elf |
File size: | 51'776 bytes |
MD5: | 5a5c0e1c92b7937f2e88b11478bbf631 |
SHA1: | 358706dc4eaa65c3da0702a8ad9bba4de6bfafaf |
SHA256: | c767b3204bd8bfde69e411b3d0723f0eef5cf70a8091300cd00c50f4efe84891 |
SHA512: | 2e0ea5f3db9bfdd04b33b7bf72b3eebb0fb06f8df6b0fca442856de6ccfd284536505d08b3b31167ea86ae1ca84456340a73bc87c4325cc598a4834aab3500a1 |
SSDEEP: | 768:TsHcXPbBIKrfx/RaK/3cgWQI9YvTuDorPg8rpI/h4B36OGVzONszaotkMgk:+cl9D3cNj9YvSug8dI5GqO6vFH |
TLSH: | 0333F895B8C29A12C5D013BBFA2E429D372563F8E2DF7207CD211F51778A82F0DA7651 |
File Content Preview: | .ELF...a..........(.........4...........4. ...(.........................................................`...........Q.td..................................-...L."...^/..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 51336 |
Section Header Size: | 40 |
Number of Section Headers: | 11 |
Header String Table Index: | 10 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0xbdb0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x13e60 | 0xbe60 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x13e74 | 0xbe74 | 0x80c | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x1c684 | 0xc684 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x1c68c | 0xc68c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x1c694 | 0xc694 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x1c698 | 0xc698 | 0x1ac | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1c844 | 0xc844 | 0x2a0 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xc844 | 0x43 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0xc680 | 0xc680 | 6.0234 | 0x5 | R E | 0x8000 | .init .text .fini .rodata | |
LOAD | 0xc684 | 0x1c684 | 0x1c684 | 0x1c0 | 0x460 | 2.2948 | 0x6 | RW | 0x8000 | .ctors .dtors .jcr .data .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
- Total Packets: 112
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 10, 2025 03:05:22.530024052 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 10, 2025 03:05:23.441581964 CET | 54374 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:23.446764946 CET | 1440 | 54374 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:23.446820974 CET | 54374 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:23.448321104 CET | 54374 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:23.453521013 CET | 1440 | 54374 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:23.453566074 CET | 54374 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:23.458661079 CET | 1440 | 54374 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:28.161412954 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Mar 10, 2025 03:05:33.457345963 CET | 54374 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:33.462474108 CET | 1440 | 54374 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:33.720145941 CET | 1440 | 54374 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:33.720555067 CET | 54374 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:33.720895052 CET | 54374 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:33.725975990 CET | 1440 | 54374 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:34.879033089 CET | 54376 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:34.884118080 CET | 1440 | 54376 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:34.884202957 CET | 54376 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:34.885163069 CET | 54376 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:34.890211105 CET | 1440 | 54376 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:34.890280008 CET | 54376 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:34.895406961 CET | 1440 | 54376 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:39.264147997 CET | 443 | 39260 | 34.249.145.219 | 192.168.2.23 |
Mar 10, 2025 03:05:39.264525890 CET | 39260 | 443 | 192.168.2.23 | 34.249.145.219 |
Mar 10, 2025 03:05:39.269654989 CET | 443 | 39260 | 34.249.145.219 | 192.168.2.23 |
Mar 10, 2025 03:05:43.263278008 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 10, 2025 03:05:43.263286114 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Mar 10, 2025 03:05:45.824706078 CET | 1440 | 54376 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:45.824861050 CET | 1440 | 54376 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:45.824960947 CET | 54376 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:45.824960947 CET | 54376 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:45.835745096 CET | 1440 | 54376 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:46.914275885 CET | 54378 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:46.919424057 CET | 1440 | 54378 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:46.919559956 CET | 54378 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:46.920878887 CET | 54378 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:46.925993919 CET | 1440 | 54378 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:46.926073074 CET | 54378 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:46.931143045 CET | 1440 | 54378 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:55.549612045 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Mar 10, 2025 03:05:57.546415091 CET | 1440 | 54378 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:57.546999931 CET | 54378 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:57.553199053 CET | 1440 | 54378 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:58.666471958 CET | 54380 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:58.671561003 CET | 1440 | 54380 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:58.671669960 CET | 54380 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:58.673103094 CET | 54380 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:58.678205013 CET | 1440 | 54380 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:05:58.678338051 CET | 54380 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:05:58.683496952 CET | 1440 | 54380 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:09.280558109 CET | 1440 | 54380 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:09.281049967 CET | 54380 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:09.286201000 CET | 1440 | 54380 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:10.473207951 CET | 54382 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:10.478255033 CET | 1440 | 54382 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:10.478313923 CET | 54382 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:10.479511023 CET | 54382 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:10.484556913 CET | 1440 | 54382 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:10.484642029 CET | 54382 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:10.489705086 CET | 1440 | 54382 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:21.100596905 CET | 1440 | 54382 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:21.101037025 CET | 54382 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:21.106225014 CET | 1440 | 54382 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:22.190777063 CET | 54384 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:22.195801020 CET | 1440 | 54384 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:22.195899963 CET | 54384 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:22.197191954 CET | 54384 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:22.202227116 CET | 1440 | 54384 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:22.202301025 CET | 54384 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:22.207308054 CET | 1440 | 54384 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:24.217408895 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 10, 2025 03:06:32.947699070 CET | 1440 | 54384 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:32.947899103 CET | 54384 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 10, 2025 03:06:32.953280926 CET | 1440 | 54384 | 45.147.251.145 | 192.168.2.23 |
Mar 10, 2025 03:06:34.045810938 CET | 46870 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:34.050797939 CET | 1440 | 46870 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:34.050901890 CET | 46870 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:34.052510977 CET | 46870 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:34.057583094 CET | 1440 | 46870 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:34.057660103 CET | 46870 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:34.062813044 CET | 1440 | 46870 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:44.053989887 CET | 46870 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:44.059115887 CET | 1440 | 46870 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:44.265939951 CET | 1440 | 46870 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:44.266168118 CET | 46870 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:44.271281958 CET | 1440 | 46870 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:45.355887890 CET | 46872 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:45.360991001 CET | 1440 | 46872 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:45.361094952 CET | 46872 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:45.362293005 CET | 46872 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:45.367449999 CET | 1440 | 46872 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:45.367527962 CET | 46872 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:45.372751951 CET | 1440 | 46872 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:55.977659941 CET | 1440 | 46872 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:55.978444099 CET | 46872 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:55.983546972 CET | 1440 | 46872 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:57.068770885 CET | 46874 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:57.073869944 CET | 1440 | 46874 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:57.073940992 CET | 46874 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:57.074953079 CET | 46874 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:57.080053091 CET | 1440 | 46874 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:06:57.080120087 CET | 46874 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:06:57.085278034 CET | 1440 | 46874 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:07.652254105 CET | 1440 | 46874 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:07.652560949 CET | 46874 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:07.657510042 CET | 1440 | 46874 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:08.754497051 CET | 46876 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:08.759512901 CET | 1440 | 46876 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:08.759629011 CET | 46876 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:08.760931015 CET | 46876 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:08.765929937 CET | 1440 | 46876 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:08.766016960 CET | 46876 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:08.771059036 CET | 1440 | 46876 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:19.366712093 CET | 1440 | 46876 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:19.367150068 CET | 46876 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:19.374521971 CET | 1440 | 46876 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:20.844073057 CET | 46878 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:20.849211931 CET | 1440 | 46878 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:20.849325895 CET | 46878 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:20.850867033 CET | 46878 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:20.855887890 CET | 1440 | 46878 | 159.89.101.70 | 192.168.2.23 |
Mar 10, 2025 03:07:20.855948925 CET | 46878 | 1440 | 192.168.2.23 | 159.89.101.70 |
Mar 10, 2025 03:07:20.860975027 CET | 1440 | 46878 | 159.89.101.70 | 192.168.2.23 |
System Behavior
Start time (UTC): | 02:05:22 |
Start date (UTC): | 10/03/2025 |
Path: | /tmp/zerarm5.elf |
Arguments: | /tmp/zerarm5.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 02:05:23 |
Start date (UTC): | 10/03/2025 |
Path: | /tmp/zerarm5.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 02:05:23 |
Start date (UTC): | 10/03/2025 |
Path: | /tmp/zerarm5.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 02:05:38 |
Start date (UTC): | 10/03/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 02:05:38 |
Start date (UTC): | 10/03/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.f3MA0Bao4i /tmp/tmp.xlsrnaWjFZ /tmp/tmp.GrUFZWE2c2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 02:05:38 |
Start date (UTC): | 10/03/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 02:05:38 |
Start date (UTC): | 10/03/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.f3MA0Bao4i /tmp/tmp.xlsrnaWjFZ /tmp/tmp.GrUFZWE2c2 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |