Linux
Analysis Report
zerppc.elf
Overview
General Information
Sample name: | zerppc.elf |
Analysis ID: | 1643383 |
MD5: | df04325b7e4ea69392ce56ace53f9dd8 |
SHA1: | a4a2987ce826a888eddd6405e37898f3b49be7c6 |
SHA256: | 187bad2524079311993c2e952ab3c393a365f15a046cbab3558fb1963e11ea7d |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Score: | 52 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1643383 |
Start date and time: | 2025-03-19 20:01:30 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerppc.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@39/0 |
Command: | /tmp/zerppc.elf |
PID: | 6260 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | gosh that chinese family at the other table sure ate a lot |
Standard Error: |
- system is lnxubuntu20
- zerppc.elf New Fork (PID: 6263, Parent: 6260)
- zerppc.elf New Fork (PID: 6265, Parent: 6263)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
- • AV Detection
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Malware Analysis System Evasion
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS traffic detected: |
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | String containing 'busybox' found: | ||
Source: | String containing 'busybox' found: |
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
25% | Virustotal | Browse | ||
22% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ohlookthereismyboats.geek | 104.248.47.182 | true | false | high | |
watchmepull.dyn. [malformed] | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
185.220.204.227 | unknown | Israel | 41436 | CLOUDWEBMANAGE-EUGB | false |
104.248.47.182 | ohlookthereismyboats.geek | United States | 14061 | DIGITALOCEAN-ASNUS | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.161219015340242 |
TrID: |
|
File name: | zerppc.elf |
File size: | 46'112 bytes |
MD5: | df04325b7e4ea69392ce56ace53f9dd8 |
SHA1: | a4a2987ce826a888eddd6405e37898f3b49be7c6 |
SHA256: | 187bad2524079311993c2e952ab3c393a365f15a046cbab3558fb1963e11ea7d |
SHA512: | 8bae60d77b7a6931001558c6557cabb6fa276f246dcc43b5a14401dae566bb17efe2cf87ae91d8f5d77158028a7d2336da1c1811b484a9204a255f498d6e2189 |
SSDEEP: | 768:wmvztLvDjcBRWzoqhfZ+nHPLYAL4rW0yzijSQbmSZaP7IsKuXP4u:wkpLvnk3qfsnHMAuWpilbmSZg7KuXPT |
TLSH: | 58234B43721C0A57C1A65AB5253F07E097FFBEA025F0B685680F9B568A71F331086F9E |
File Content Preview: | .ELF...........................4.........4. ...(.......................|...|........................................dt.Q.............................!..|......$H...H..a...$8!. |...N.. .!..|.......?.......... ..../...@..\?........+../...A..$8...})......N.. |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 45592 |
Section Header Size: | 40 |
Number of Section Headers: | 13 |
Header String Table Index: | 12 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x10000094 | 0x94 | 0x24 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x100000b8 | 0xb8 | 0xa4b8 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.fini | PROGBITS | 0x1000a570 | 0xa570 | 0x20 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1000a590 | 0xa590 | 0x8ec | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x1001b000 | 0xb000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x1001b008 | 0xb008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x1001b010 | 0xb010 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x1001b018 | 0xb018 | 0x198 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
.sdata | PROGBITS | 0x1001b1b0 | 0xb1b0 | 0x18 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.sbss | NOBITS | 0x1001b1c8 | 0xb1c8 | 0x58 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1001b220 | 0xb1c8 | 0x1fc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xb1c8 | 0x50 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x10000000 | 0x10000000 | 0xae7c | 0xae7c | 6.2466 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0xb000 | 0x1001b000 | 0x1001b000 | 0x1c8 | 0x41c | 2.3110 | 0x6 | RW | 0x10000 | .ctors .dtors .jcr .data .sdata .sbss .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
- Total Packets: 102
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
System Behavior
Start time (UTC): | 19:02:34 |
Start date (UTC): | 19/03/2025 |
Path: | /tmp/zerppc.elf |
Arguments: | /tmp/zerppc.elf |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 19:02:36 |
Start date (UTC): | 19/03/2025 |
Path: | /tmp/zerppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |
Start time (UTC): | 19:02:36 |
Start date (UTC): | 19/03/2025 |
Path: | /tmp/zerppc.elf |
Arguments: | - |
File size: | 5388968 bytes |
MD5 hash: | ae65271c943d3451b7f026d1fadccea6 |