Edit tour
Linux
Analysis Report
.i.elf
Overview
General Information
| Sample name: | .i.elf |
| Analysis ID: | 1652040 |
| MD5: | 7ef98571a0946df25cc7d5d1ba272ce3 |
| SHA1: | 6683862f67caa4290ccf55aaeecfd36380104b47 |
| SHA256: | b69025d793ff554572590f3d8f0c1469930f0e8e554aeb48d4d3485f44e54188 |
| Tags: | elfuser-abuse_ch |
| Infos: |  |
 | |
Detection
Mirai
| Score: | 76 |
| Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Mirai
Executes the "iptables" command to insert, remove and/or manipulate rules
Opens /proc/net/* files useful for finding connected devices and routers
Sample deletes itself
Creates hidden files and/or directories
Detected TCP or UDP traffic on non-standard ports
ELF contains segments with high entropy indicating compressed/encrypted content
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "iptables" command used for managing IP filtering and manipulation
Reads the 'hosts' file potentially containing internal network hosts
Sample contains only a LOAD segment without any section mappings
Suricata IDS alerts with low severity for network traffic
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1652040 |
| Start date and time: | 2025-03-30 05:14:14 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 19s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | .i.elf |
| Detection: | MAL |
| Classification: | mal76.spre.troj.evad.linELF@0/2@5/0 |
- Excluded IPs from analysis (whitelisted): 64.142.54.12, 209.51.161.238, 75.72.171.171, 68.234.48.70
- Excluded domains from analysis (whitelisted): pool.ntp.org
| Command: | /tmp/.i.elf |
| PID: | 5492 |
| Exit Code: | 0 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | |
| Standard Error: | iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directory Try `iptables -h' or 'iptables --help' for more information. iptables: No chain/target/match by that name. |
- system is lnxubuntu20
- .i.elf New Fork (PID: 5494, Parent: 5492)
- .i.elf New Fork (PID: 5498, Parent: 5494)
- .i.elf New Fork (PID: 5506, Parent: 5498)
- sh New Fork (PID: 5512, Parent: 5506)
- .i.elf New Fork (PID: 5520, Parent: 5498)
- sh New Fork (PID: 5525, Parent: 5520)
- .i.elf New Fork (PID: 5526, Parent: 5498)
- sh New Fork (PID: 5531, Parent: 5526)
- .i.elf New Fork (PID: 5532, Parent: 5498)
- sh New Fork (PID: 5537, Parent: 5532)
- .i.elf New Fork (PID: 5538, Parent: 5498)
- sh New Fork (PID: 5543, Parent: 5538)
- .i.elf New Fork (PID: 5545, Parent: 5498)
- sh New Fork (PID: 5550, Parent: 5545)
- .i.elf New Fork (PID: 5551, Parent: 5498)
- sh New Fork (PID: 5556, Parent: 5551)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Mirai | Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world. | No Attribution |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | ||
| JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-30T05:16:45.484699+0200 | 2826175 | 1 | A Network Trojan was detected | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:16:49.289644+0200 | 2826175 | 1 | A Network Trojan was detected | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:16:49.289669+0200 | 2826175 | 1 | A Network Trojan was detected | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:17:42.264319+0200 | 2826175 | 1 | A Network Trojan was detected | 2.187.250.83 | 23968 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:18:21.366372+0200 | 2826175 | 1 | A Network Trojan was detected | 1.70.85.22 | 31041 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:18:28.363565+0200 | 2826175 | 1 | A Network Trojan was detected | 5.36.121.116 | 26127 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:18:29.284968+0200 | 2826175 | 1 | A Network Trojan was detected | 2.183.97.22 | 48979 | 192.168.2.14 | 53681 | UDP |
- • AV Detection
- • Spreading
- • Networking
- • System Summary
- • Persistence and Installation Behavior
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Stealing of Sensitive Information
- • Remote Access Functionality
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
Spreading | |
|---|
| Source: | Opens: | Jump to behavior | ||
Networking | |
|---|
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | UDP traffic: | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Reads hosts file: | Jump to behavior | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Program segment: | ||
| Source: | Classification label: | ||
Persistence and Installation Behavior | |
|---|
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Iptables executable using switch for changing the iptables rules: | Jump to behavior | ||
| Source: | Directory: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Shell command executed: | Jump to behavior | ||
| Source: | Shell command executed: | Jump to behavior | ||
| Source: | Shell command executed: | Jump to behavior | ||
| Source: | Shell command executed: | Jump to behavior | ||
| Source: | Shell command executed: | Jump to behavior | ||
| Source: | Shell command executed: | Jump to behavior | ||
| Source: | Shell command executed: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Iptables executable: | Jump to behavior | ||
| Source: | Stderr: iptables v1.8.4 (legacy): Couldn't load target `CWMP_CR':No such file or directoryTry `iptables -h' or 'iptables --help' for more information.iptables: No chain/target/match by that name.: | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File: | Jump to behavior | ||
| Source: | Submission file: | ||
| Source: | Queries kernel information via 'uname': | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | Path Interception | 1 Hidden Files and Directories | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 48% | Virustotal | Browse | ||
| 56% | ReversingLabs | Linux.Infostealer.Berbew | ||
| 100% | Avira | LINUX/AVI.Agent.yttum |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| daisy.ubuntu.com | 162.213.35.24 | true | false | high | |
| router.bittorrent.com | 67.215.246.10 | true | false | high | |
| router.utorrent.com | 82.221.103.244 | true | false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 2.183.97.22 | unknown | Iran (ISLAMIC Republic Of) | 58224 | TCIIR | false | |
| 163.172.75.19 | unknown | United Kingdom | 12876 | OnlineSASFR | false | |
| 181.94.224.3 | unknown | Argentina | 7303 | TelecomArgentinaSAAR | false | |
| 186.85.240.119 | unknown | Colombia | 10620 | TelmexColombiaSACO | false | |
| 1.70.85.22 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
| 185.177.124.180 | unknown | Netherlands | 49981 | WORLDSTREAMNL | false | |
| 83.30.191.10 | unknown | Poland | 5617 | TPNETPL | false | |
| 62.210.181.41 | unknown | France | 12876 | OnlineSASFR | false | |
| 154.202.132.183 | unknown | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | false | |
| 168.232.12.86 | unknown | Brazil | 264932 | STAYNETSERVICOSDEINTERNETLTDA-MEBR | false | |
| 178.234.62.199 | unknown | Russian Federation | 12389 | ROSTELECOM-ASRU | false | |
| 83.255.190.106 | unknown | Sweden | 39651 | COMHEM-SWEDENSE | false | |
| 85.174.205.16 | unknown | Russian Federation | 12389 | ROSTELECOM-ASRU | false | |
| 181.117.160.195 | unknown | Argentina | 11664 | TechtelLMDSComunicacionesInteractivasSAAR | false | |
| 88.99.212.222 | unknown | Germany | 24940 | HETZNER-ASDE | false | |
| 2.57.84.131 | unknown | Italy | 203462 | ASNOVACONNNovaConn-InternetServiceProviderIT | false | |
| 112.172.103.191 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | false | |
| 180.97.50.214 | unknown | China | 137702 | CHINATELECOM-JIANGSU-NANJING-IDCNanjingJiangsuProvince | false | |
| 186.99.137.5 | unknown | Colombia | 701 | UUNETUS | false | |
| 45.228.212.46 | unknown | Brazil | 266112 | JMATERPROVEDORESESERVICOSDETELECOMLTDABR | false | |
| 82.221.103.244 | router.utorrent.com | Iceland | 50613 | THORDC-ASIS | false | |
| 176.208.33.175 | unknown | Russian Federation | 12389 | ROSTELECOM-ASRU | false | |
| 177.225.165.149 | unknown | Mexico | 13999 | MegaCableSAdeCVMX | false | |
| 198.54.134.252 | unknown | United States | 11878 | TZULOUS | false | |
| 184.75.221.180 | unknown | Canada | 32489 | AMANAHA-NEWCA | false | |
| 195.7.12.14 | unknown | Czech Republic | 210148 | ASORVISES | false | |
| 154.47.28.136 | unknown | United States | 174 | COGENT-174US | false | |
| 188.241.80.69 | unknown | Romania | 50369 | SAFEGRIDRO | false | |
| 178.85.29.181 | unknown | Netherlands | 6830 | LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding | false | |
| 201.131.173.28 | unknown | Brazil | 61842 | PlugnetOnlineServicosInformaticaLTDAMEBR | false | |
| 95.25.136.19 | unknown | Russian Federation | 3216 | SOVAM-ASRU | false | |
| 88.112.74.121 | unknown | Finland | 719 | ELISA-ASHelsinkiFinlandEU | false | |
| 31.181.35.148 | unknown | Russian Federation | 12389 | ROSTELECOM-ASRU | false | |
| 38.21.51.103 | unknown | United States | 395795 | CTCUS | false | |
| 46.72.53.228 | unknown | Russian Federation | 12714 | TI-ASMoscowRussiaRU | false | |
| 68.112.204.176 | unknown | United States | 20115 | CHARTER-20115US | false | |
| 86.171.147.214 | unknown | United Kingdom | 2856 | BT-UK-ASBTnetUKRegionalnetworkGB | false | |
| 209.38.196.30 | unknown | United States | 7018 | ATT-INTERNET4US | false | |
| 176.115.144.24 | unknown | Russian Federation | 197275 | ASLINKTELECOMNNRU | false | |
| 188.18.37.187 | unknown | Russian Federation | 12389 | ROSTELECOM-ASRU | false | |
| 193.226.238.212 | unknown | Hungary | 12301 | INVITECHHU | false | |
| 174.106.248.226 | unknown | United States | 11426 | TWC-11426-CAROLINASUS | false | |
| 24.144.47.156 | unknown | United States | 12231 | CONWAYCORPUS | false | |
| 189.63.46.223 | unknown | Brazil | 28573 | CLAROSABR | false | |
| 138.255.223.9 | unknown | Brazil | 263994 | HELIOBMARTINSJUNIOR-MEBR | false | |
| 91.223.75.159 | unknown | unknown | 196762 | ASALKOMCZ | false | |
| 91.20.28.53 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
| 54.215.207.56 | unknown | United States | 16509 | AMAZON-02US | false | |
| 84.153.232.48 | unknown | Germany | 3320 | DTAGInternetserviceprovideroperationsDE | false | |
| 116.226.31.175 | unknown | China | 4812 | CHINANET-SH-APChinaTelecomGroupCN | false | |
| 117.29.90.74 | unknown | China | 133776 | CHINATELECOM-FUJIAN-QUANZHOU-IDC1QuanzhouCN | false | |
| 146.241.177.235 | unknown | Italy | 35612 | NGI-ASIT | false | |
| 75.73.138.48 | unknown | United States | 7922 | COMCAST-7922US | false | |
| 94.158.12.211 | unknown | Russian Federation | 51645 | IRKUTSK-ASRU | false | |
| 106.210.128.151 | unknown | India | 45609 | BHARTI-MOBILITY-AS-APBhartiAirtelLtdASforGPRSService | false | |
| 24.236.195.109 | unknown | United States | 20115 | CHARTER-20115US | false | |
| 186.13.122.39 | unknown | Argentina | 11664 | TechtelLMDSComunicacionesInteractivasSAAR | false | |
| 178.174.239.249 | unknown | Sweden | 8473 | BAHNHOFhttpwwwbahnhofnetSE | false | |
| 154.205.157.45 | unknown | Seychelles | 26484 | IKGUL-26484US | false | |
| 5.228.82.170 | unknown | Russian Federation | 42610 | NCNET-ASRU | false | |
| 77.49.156.11 | unknown | Greece | 1241 | FORTHNET-GRForthnetEU | false | |
| 5.79.83.114 | unknown | Netherlands | 60781 | LEASEWEB-NL-AMS-01NetherlandsNL | false | |
| 23.94.134.189 | unknown | United States | 36352 | AS-COLOCROSSINGUS | false | |
| 99.241.228.239 | unknown | Canada | 812 | ROGERS-COMMUNICATIONSCA | false | |
| 37.135.84.122 | unknown | Spain | 12479 | UNI2-ASES | false | |
| 41.121.126.152 | unknown | South Africa | 16637 | MTNNS-ASZA | false | |
| 176.124.146.189 | unknown | Russian Federation | 59665 | ULTRATEL-ASRU | false | |
| 178.84.39.173 | unknown | Netherlands | 6830 | LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding | false | |
| 126.28.199.235 | unknown | Japan | 17676 | GIGAINFRASoftbankBBCorpJP | false | |
| 157.48.129.127 | unknown | India | 55836 | RELIANCEJIO-INRelianceJioInfocommLimitedIN | false | |
| 46.242.11.50 | unknown | Russian Federation | 42610 | NCNET-ASRU | false | |
| 95.24.127.125 | unknown | Russian Federation | 8402 | CORBINA-ASOJSCVimpelcomRU | false | |
| 41.225.138.217 | unknown | Tunisia | 37671 | GLOBALNET-ASTN | false | |
| 184.22.37.201 | unknown | Thailand | 133481 | AIS-FIBRE-AS-APAISFibreTH | false | |
| 89.134.18.40 | unknown | Hungary | 6830 | LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding | false | |
| 178.235.189.68 | unknown | Poland | 29314 | VECTRANET-ASAlZwyciestwa25381-525GdyniaPolandPL | false | |
| 92.141.177.229 | unknown | France | 3215 | FranceTelecom-OrangeFR | false | |
| 190.80.34.10 | unknown | Guyana | 19863 | GuyanaTelephoneTelegraphCoGY | false | |
| 195.154.179.2 | unknown | France | 12876 | OnlineSASFR | false | |
| 46.188.124.64 | unknown | Russian Federation | 8334 | CO-2COM-ASMoscowRU | false | |
| 177.25.126.152 | unknown | Brazil | 26599 | TELEFONICABRASILSABR | false | |
| 46.55.162.39 | unknown | Bulgaria | 51582 | DCC-BG | false | |
| 91.160.161.82 | unknown | France | 12322 | PROXADFR | false | |
| 95.24.174.89 | unknown | Russian Federation | 8402 | CORBINA-ASOJSCVimpelcomRU | false | |
| 5.36.121.116 | unknown | Oman | 28885 | OMANTEL-NAP-ASOmanTelNAPOM | false | |
| 46.164.32.235 | unknown | Slovenia | 21283 | A1SI-ASA1SlovenijaSI | false | |
| 72.21.17.51 | unknown | Canada | 394151 | AS-WHATBOX-CA | false | |
| 1.161.159.155 | unknown | Taiwan; Republic of China (ROC) | 3462 | HINETDataCommunicationBusinessGroupTW | false | |
| 176.241.84.131 | unknown | Iraq | 57588 | HAYAT-ISP-ASNIQ | false | |
| 173.220.61.10 | unknown | United States | 6128 | CABLE-NET-1US | false | |
| 181.2.131.22 | unknown | Argentina | 7303 | TelecomArgentinaSAAR | false | |
| 49.238.6.193 | unknown | Japan | 9614 | OCTOitaCableTelecomColtdJP | false | |
| 178.206.139.151 | unknown | Russian Federation | 28840 | TATTELECOM-ASRU | false | |
| 80.250.231.164 | unknown | Russian Federation | 24663 | COMPLAT-ASRU | false | |
| 182.105.243.206 | unknown | China | 4134 | CHINANET-BACKBONENo31Jin-rongStreetCN | false | |
| 78.130.47.113 | unknown | Portugal | 2860 | NOS_COMUNICACOESPT | false | |
| 200.63.41.32 | unknown | Panama | 52284 | PanamaservercomPA | false | |
| 2.187.250.83 | unknown | Iran (ISLAMIC Republic Of) | 58224 | TCIIR | false | |
| 14.192.208.154 | unknown | Malaysia | 9534 | MAXIS-AS1-APBinariangBerhadMY | false | |
| 185.142.92.10 | unknown | Iran (ISLAMIC Republic Of) | 48359 | HESABGAR-ASIR | false |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 82.221.103.244 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | AsyncRAT, RedLine | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| daisy.ubuntu.com | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| TCIIR | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Phorpiex | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Phorpiex, Xmrig | Browse |
| ||
| Get hash | malicious | Okiru | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| TelmexColombiaSACO | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| OnlineSASFR | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Dorkbot | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AsyncRAT, Xmrig | Browse |
| ||
| Get hash | malicious | Socks5Systemz | Browse |
| ||
| Get hash | malicious | CryptOne, LummaC Stealer, Socks5Systemz | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| TelecomArgentinaSAAR | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Gafgyt | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
|
⊘No context
⊘No context
| Process: | /tmp/.i.elf |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 230 |
| Entropy (8bit): | 3.709552666863289 |
| Encrypted: | false |
| SSDEEP: | 6:iekrEcvwAsE5KlwSd4pzKaV6Lpms/a/1VCxGF:ur+m5MwSdIKaV6L1adVRF |
| MD5: | 2E667F43AE18CD1FE3C108641708A82C |
| SHA1: | 12B90DE2DA0FBCFE66F3D6130905E56C8D6A68D3 |
| SHA-256: | 6F721492E7A337C5B498A8F55F5EB7AC745AFF716D0B5B08EFF2C1B6B250F983 |
| SHA-512: | D2A0EE2509154EC1098994F38BE172F98F4150399C534A04D5C675D7C05630802225019F19344CC9070C576BC465A4FEB382AC7712DE6BF25E9244B54A9DB830 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | /tmp/.i.elf |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12 |
| Entropy (8bit): | 3.2516291673878226 |
| Encrypted: | false |
| SSDEEP: | 3:TgLxl:TgLj |
| MD5: | E4B87097E4B36E14500B9CE57C45EA25 |
| SHA1: | DE3D58C12CA45D58E41455D0B693AF835D7F7361 |
| SHA-256: | 7AD8A46FA4EADA251D0628721EEA0DE6EA917EC6B820146172179FFA68FC44A8 |
| SHA-512: | 53CD8469E5F84281D446318E05BBA7B4A0D93FBF7567B663E875E9BBE95453E83E1C233140DBEBFC50C64F981CF1C007A1A573C508AE676BBE78F07C38DA4D43 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.979555877636912 |
| TrID: |
|
| File name: | .i.elf |
| File size: | 84'196 bytes |
| MD5: | 7ef98571a0946df25cc7d5d1ba272ce3 |
| SHA1: | 6683862f67caa4290ccf55aaeecfd36380104b47 |
| SHA256: | b69025d793ff554572590f3d8f0c1469930f0e8e554aeb48d4d3485f44e54188 |
| SHA512: | 4a0fb68a8fa887083650f8cc8cef23da1e7c92c4f8ebc895eb2b847fa1a9ce8f35da07e4d21ab27ce3c611d1f696e3bab759462e33e70aa36d550fadbc997d9f |
| SSDEEP: | 1536:yYI0ARqw1qAEW67UIWi7M8gmfmJo0WgswnD6Efyq8PxlRkp2K3/J1V+uBNV:yYI0ARqw1qAEv7UIFM8oJorFquyjkRkT |
| TLSH: | 4F831229135514E9D62681F1D3FD1F84AD591F68CEE2EC157812BC99EE333AD3CC2618 |
| File Content Preview: | .ELF....................../....4.........4. ...(......................Bd..Bd.................G...G.................................................^.......?.E.h4...@b..) ..]..0...a.t<..mc.zy/..>..!c...gM\<j..W`xD'..}...\..].j.L.u...S..i...../..F...@`..'k. |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 52 |
| Program Header Offset: | 52 |
| Program Header Size: | 32 |
| Number of Program Headers: | 2 |
| Section Header Offset: | 0 |
| Section Header Size: | 40 |
| Number of Section Headers: | 0 |
| Header String Table Index: | 0 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x100000 | 0x100000 | 0x14264 | 0x14264 | 7.9794 | 0x5 | R E | 0x10000 | ||
| LOAD | 0xa6c0 | 0x47a6c0 | 0x47a6c0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x10000 |
Download Network PCAP: filtered – full
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-30T05:16:45.484699+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:16:49.289644+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:16:49.289669+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 78.130.47.113 | 60362 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:17:42.264319+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 2.187.250.83 | 23968 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:18:21.366372+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 1.70.85.22 | 31041 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:18:28.363565+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 5.36.121.116 | 26127 | 192.168.2.14 | 53681 | UDP |
| 2025-03-30T05:18:29.284968+0200 | 2826175 | ETPRO MALWARE Possible Hajime Beacon | 1 | 2.183.97.22 | 48979 | 192.168.2.14 | 53681 | UDP |
- Total Packets: 257
- 100 Ports have been hidden.
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 30, 2025 05:15:12.241229057 CEST | 46540 | 443 | 192.168.2.14 | 185.125.190.26 |
| Mar 30, 2025 05:15:43.471952915 CEST | 46540 | 443 | 192.168.2.14 | 185.125.190.26 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 30, 2025 05:15:08.171554089 CEST | 43519 | 53 | 192.168.2.14 | 8.8.8.8 |
| Mar 30, 2025 05:15:08.272833109 CEST | 53 | 43519 | 8.8.8.8 | 192.168.2.14 |
| Mar 30, 2025 05:15:08.274081945 CEST | 53681 | 6881 | 192.168.2.14 | 82.221.103.244 |
| Mar 30, 2025 05:15:08.275891066 CEST | 38355 | 53 | 192.168.2.14 | 8.8.8.8 |
| Mar 30, 2025 05:15:09.145694971 CEST | 53 | 38355 | 8.8.8.8 | 192.168.2.14 |
| Mar 30, 2025 05:15:09.146435022 CEST | 53681 | 6881 | 192.168.2.14 | 67.215.246.10 |
| Mar 30, 2025 05:15:09.310759068 CEST | 6881 | 53681 | 67.215.246.10 | 192.168.2.14 |
| Mar 30, 2025 05:15:09.998034000 CEST | 53681 | 6881 | 192.168.2.14 | 67.215.246.10 |
| Mar 30, 2025 05:15:10.161868095 CEST | 6881 | 53681 | 67.215.246.10 | 192.168.2.14 |
| Mar 30, 2025 05:15:10.164722919 CEST | 53681 | 56757 | 192.168.2.14 | 171.5.246.254 |
| Mar 30, 2025 05:15:10.165111065 CEST | 53681 | 27295 | 192.168.2.14 | 14.192.208.154 |
| Mar 30, 2025 05:15:10.165163040 CEST | 53681 | 64248 | 192.168.2.14 | 190.80.34.10 |
| Mar 30, 2025 05:15:10.165208101 CEST | 53681 | 26638 | 192.168.2.14 | 181.117.160.195 |
| Mar 30, 2025 05:15:10.165220976 CEST | 53681 | 24579 | 192.168.2.14 | 191.106.178.150 |
| Mar 30, 2025 05:15:10.516077042 CEST | 27295 | 53681 | 14.192.208.154 | 192.168.2.14 |
| Mar 30, 2025 05:15:10.563236952 CEST | 64248 | 53681 | 190.80.34.10 | 192.168.2.14 |
| Mar 30, 2025 05:15:25.987457037 CEST | 53681 | 27295 | 192.168.2.14 | 14.192.208.154 |
| Mar 30, 2025 05:15:26.378889084 CEST | 27295 | 53681 | 14.192.208.154 | 192.168.2.14 |
| Mar 30, 2025 05:15:26.379162073 CEST | 53681 | 24579 | 192.168.2.14 | 191.106.178.150 |
| Mar 30, 2025 05:15:26.379213095 CEST | 53681 | 46254 | 192.168.2.14 | 181.94.224.3 |
| Mar 30, 2025 05:15:26.379234076 CEST | 53681 | 56757 | 192.168.2.14 | 171.5.246.254 |
| Mar 30, 2025 05:15:26.379256010 CEST | 53681 | 26638 | 192.168.2.14 | 181.117.160.195 |
| Mar 30, 2025 05:15:26.379256010 CEST | 53681 | 2621 | 192.168.2.14 | 95.24.174.89 |
| Mar 30, 2025 05:15:26.585958958 CEST | 24579 | 53681 | 191.106.178.150 | 192.168.2.14 |
| Mar 30, 2025 05:15:26.641285896 CEST | 46254 | 53681 | 181.94.224.3 | 192.168.2.14 |
| Mar 30, 2025 05:15:48.990643978 CEST | 53681 | 24579 | 192.168.2.14 | 191.106.178.150 |
| Mar 30, 2025 05:15:49.289863110 CEST | 24579 | 53681 | 191.106.178.150 | 192.168.2.14 |
| Mar 30, 2025 05:15:49.290324926 CEST | 53681 | 26638 | 192.168.2.14 | 181.117.160.195 |
| Mar 30, 2025 05:15:49.290441036 CEST | 53681 | 2621 | 192.168.2.14 | 95.24.174.89 |
| Mar 30, 2025 05:15:49.290504932 CEST | 53681 | 56757 | 192.168.2.14 | 171.5.246.254 |
| Mar 30, 2025 05:15:52.875175953 CEST | 46254 | 53681 | 181.94.224.3 | 192.168.2.14 |
| Mar 30, 2025 05:15:52.878976107 CEST | 53681 | 46254 | 192.168.2.14 | 181.94.224.3 |
| Mar 30, 2025 05:16:00.986458063 CEST | 53681 | 2621 | 192.168.2.14 | 95.24.174.89 |
| Mar 30, 2025 05:16:00.986654997 CEST | 53681 | 48510 | 192.168.2.14 | 186.85.240.119 |
| Mar 30, 2025 05:16:02.989975929 CEST | 53681 | 6881 | 192.168.2.14 | 82.221.103.244 |
| Mar 30, 2025 05:16:02.992285967 CEST | 53681 | 6881 | 192.168.2.14 | 67.215.246.10 |
| Mar 30, 2025 05:16:03.151449919 CEST | 6881 | 53681 | 67.215.246.10 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.003050089 CEST | 53681 | 4691 | 192.168.2.14 | 176.208.33.175 |
| Mar 30, 2025 05:16:05.003187895 CEST | 53681 | 10733 | 192.168.2.14 | 46.242.11.50 |
| Mar 30, 2025 05:16:05.003207922 CEST | 53681 | 37000 | 192.168.2.14 | 157.48.129.127 |
| Mar 30, 2025 05:16:05.221151114 CEST | 10733 | 53681 | 46.242.11.50 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.221839905 CEST | 53681 | 33647 | 192.168.2.14 | 86.171.147.214 |
| Mar 30, 2025 05:16:05.221862078 CEST | 53681 | 45616 | 192.168.2.14 | 177.225.165.149 |
| Mar 30, 2025 05:16:05.221862078 CEST | 53681 | 9010 | 192.168.2.14 | 99.241.228.239 |
| Mar 30, 2025 05:16:05.221873045 CEST | 53681 | 6918 | 192.168.2.14 | 5.228.82.170 |
| Mar 30, 2025 05:16:05.221940041 CEST | 53681 | 6881 | 192.168.2.14 | 46.164.32.235 |
| Mar 30, 2025 05:16:05.221955061 CEST | 53681 | 6881 | 192.168.2.14 | 67.215.246.10 |
| Mar 30, 2025 05:16:05.276696920 CEST | 4691 | 53681 | 176.208.33.175 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.276928902 CEST | 53681 | 45616 | 192.168.2.14 | 177.225.165.149 |
| Mar 30, 2025 05:16:05.355436087 CEST | 9010 | 53681 | 99.241.228.239 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.381823063 CEST | 6881 | 53681 | 67.215.246.10 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.382163048 CEST | 53681 | 65432 | 192.168.2.14 | 184.22.37.201 |
| Mar 30, 2025 05:16:05.382178068 CEST | 53681 | 21292 | 192.168.2.14 | 200.63.41.32 |
| Mar 30, 2025 05:16:05.382203102 CEST | 53681 | 59772 | 192.168.2.14 | 186.13.122.39 |
| Mar 30, 2025 05:16:05.408149958 CEST | 33647 | 53681 | 86.171.147.214 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.428000927 CEST | 6881 | 53681 | 46.164.32.235 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.428411961 CEST | 45616 | 53681 | 177.225.165.149 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.446701050 CEST | 37000 | 53681 | 157.48.129.127 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.446923971 CEST | 53681 | 6891 | 192.168.2.14 | 185.177.124.180 |
| Mar 30, 2025 05:16:05.493632078 CEST | 45616 | 53681 | 177.225.165.149 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.493858099 CEST | 53681 | 60682 | 192.168.2.14 | 198.54.134.252 |
| Mar 30, 2025 05:16:05.630754948 CEST | 6891 | 53681 | 185.177.124.180 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.631043911 CEST | 53681 | 13299 | 192.168.2.14 | 173.220.61.10 |
| Mar 30, 2025 05:16:05.729290962 CEST | 60682 | 53681 | 198.54.134.252 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.729681015 CEST | 53681 | 43304 | 192.168.2.14 | 114.47.85.120 |
| Mar 30, 2025 05:16:05.733019114 CEST | 59772 | 53681 | 186.13.122.39 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.733211040 CEST | 53681 | 33647 | 192.168.2.14 | 86.171.147.214 |
| Mar 30, 2025 05:16:05.759025097 CEST | 13299 | 53681 | 173.220.61.10 | 192.168.2.14 |
| Mar 30, 2025 05:16:05.759200096 CEST | 53681 | 7772 | 192.168.2.14 | 60.143.71.74 |
| Mar 30, 2025 05:16:06.033731937 CEST | 43304 | 53681 | 114.47.85.120 | 192.168.2.14 |
| Mar 30, 2025 05:16:06.034002066 CEST | 53681 | 14480 | 192.168.2.14 | 154.47.28.136 |
| Mar 30, 2025 05:16:06.049684048 CEST | 7772 | 53681 | 60.143.71.74 | 192.168.2.14 |
| Mar 30, 2025 05:16:06.049863100 CEST | 53681 | 6880 | 192.168.2.14 | 154.202.132.183 |
| Mar 30, 2025 05:16:06.184293985 CEST | 6880 | 53681 | 154.202.132.183 | 192.168.2.14 |
| Mar 30, 2025 05:16:06.184729099 CEST | 53681 | 6881 | 192.168.2.14 | 94.158.12.211 |
| Mar 30, 2025 05:16:06.453054905 CEST | 6881 | 53681 | 94.158.12.211 | 192.168.2.14 |
| Mar 30, 2025 05:16:06.453474998 CEST | 53681 | 6889 | 192.168.2.14 | 178.84.39.173 |
| Mar 30, 2025 05:16:06.998682976 CEST | 53681 | 3000 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:09.001044989 CEST | 53681 | 9010 | 192.168.2.14 | 99.241.228.239 |
| Mar 30, 2025 05:16:09.155385017 CEST | 9010 | 53681 | 99.241.228.239 | 192.168.2.14 |
| Mar 30, 2025 05:16:10.002038002 CEST | 53681 | 3000 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:15.001631021 CEST | 53681 | 6881 | 192.168.2.14 | 67.215.246.10 |
| Mar 30, 2025 05:16:15.160687923 CEST | 6881 | 53681 | 67.215.246.10 | 192.168.2.14 |
| Mar 30, 2025 05:16:24.999366045 CEST | 53681 | 36253 | 192.168.2.14 | 195.154.179.2 |
| Mar 30, 2025 05:16:24.999372959 CEST | 53681 | 45355 | 192.168.2.14 | 24.236.101.34 |
| Mar 30, 2025 05:16:24.999448061 CEST | 53681 | 41060 | 192.168.2.14 | 80.250.231.164 |
| Mar 30, 2025 05:16:25.152805090 CEST | 45355 | 53681 | 24.236.101.34 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.153251886 CEST | 53681 | 6918 | 192.168.2.14 | 5.228.82.170 |
| Mar 30, 2025 05:16:25.153251886 CEST | 53681 | 37000 | 192.168.2.14 | 157.48.129.127 |
| Mar 30, 2025 05:16:25.153278112 CEST | 53681 | 4691 | 192.168.2.14 | 176.208.33.175 |
| Mar 30, 2025 05:16:25.153278112 CEST | 53681 | 51413 | 192.168.2.14 | 49.238.6.193 |
| Mar 30, 2025 05:16:25.177885056 CEST | 36253 | 53681 | 195.154.179.2 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.178189039 CEST | 53681 | 51413 | 192.168.2.14 | 126.28.199.235 |
| Mar 30, 2025 05:16:25.222078085 CEST | 41060 | 53681 | 80.250.231.164 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.222527981 CEST | 53681 | 10250 | 192.168.2.14 | 178.174.239.249 |
| Mar 30, 2025 05:16:25.369081974 CEST | 6918 | 53681 | 5.228.82.170 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.422470093 CEST | 4691 | 53681 | 176.208.33.175 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.427231073 CEST | 10250 | 53681 | 178.174.239.249 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.427453041 CEST | 53681 | 44623 | 192.168.2.14 | 178.234.62.199 |
| Mar 30, 2025 05:16:25.450444937 CEST | 51413 | 53681 | 49.238.6.193 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.450725079 CEST | 53681 | 38570 | 192.168.2.14 | 188.241.80.69 |
| Mar 30, 2025 05:16:25.462095022 CEST | 51413 | 53681 | 126.28.199.235 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.462275028 CEST | 53681 | 49001 | 192.168.2.14 | 188.18.37.187 |
| Mar 30, 2025 05:16:25.644795895 CEST | 44623 | 53681 | 178.234.62.199 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.645162106 CEST | 53681 | 5870 | 192.168.2.14 | 62.210.181.41 |
| Mar 30, 2025 05:16:25.715766907 CEST | 49001 | 53681 | 188.18.37.187 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.716275930 CEST | 53681 | 52767 | 192.168.2.14 | 174.106.248.226 |
| Mar 30, 2025 05:16:25.841084957 CEST | 38570 | 53681 | 188.241.80.69 | 192.168.2.14 |
| Mar 30, 2025 05:16:25.841660976 CEST | 53681 | 8687 | 192.168.2.14 | 116.226.31.175 |
| Mar 30, 2025 05:16:26.991781950 CEST | 53681 | 7489 | 192.168.2.14 | 185.142.92.10 |
| Mar 30, 2025 05:16:29.992471933 CEST | 53681 | 2621 | 192.168.2.14 | 95.24.174.89 |
| Mar 30, 2025 05:16:29.992480040 CEST | 53681 | 19850 | 192.168.2.14 | 92.141.177.229 |
| Mar 30, 2025 05:16:29.992683887 CEST | 53681 | 7489 | 192.168.2.14 | 185.142.92.10 |
| Mar 30, 2025 05:16:30.190963984 CEST | 19850 | 53681 | 92.141.177.229 | 192.168.2.14 |
| Mar 30, 2025 05:16:30.191418886 CEST | 53681 | 65432 | 192.168.2.14 | 184.22.37.201 |
| Mar 30, 2025 05:16:30.555876017 CEST | 65432 | 53681 | 184.22.37.201 | 192.168.2.14 |
| Mar 30, 2025 05:16:38.982534885 CEST | 53681 | 6818 | 192.168.2.14 | 209.38.196.30 |
| Mar 30, 2025 05:16:41.982475042 CEST | 53681 | 6818 | 192.168.2.14 | 209.38.196.30 |
| Mar 30, 2025 05:16:42.231765985 CEST | 6818 | 53681 | 209.38.196.30 | 192.168.2.14 |
| Mar 30, 2025 05:16:42.231781960 CEST | 6818 | 53681 | 209.38.196.30 | 192.168.2.14 |
| Mar 30, 2025 05:16:42.237227917 CEST | 53681 | 6818 | 192.168.2.14 | 209.38.196.30 |
| Mar 30, 2025 05:16:42.237469912 CEST | 53681 | 6818 | 192.168.2.14 | 209.38.196.30 |
| Mar 30, 2025 05:16:42.239485025 CEST | 53681 | 6818 | 192.168.2.14 | 209.38.196.30 |
| Mar 30, 2025 05:16:44.996448040 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:45.484699011 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:45.485194921 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:45.927988052 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:45.935260057 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:45.964736938 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:45.964809895 CEST | 53681 | 20230 | 192.168.2.14 | 14.154.2.243 |
| Mar 30, 2025 05:16:45.964941025 CEST | 53681 | 55220 | 192.168.2.14 | 178.235.189.68 |
| Mar 30, 2025 05:16:45.964941025 CEST | 53681 | 54768 | 192.168.2.14 | 186.99.137.5 |
| Mar 30, 2025 05:16:46.460423946 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:46.580041885 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:46.609589100 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:46.609860897 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:46.827452898 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.056077957 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:49.056168079 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:49.058927059 CEST | 38074 | 53 | 192.168.2.14 | 8.8.8.8 |
| Mar 30, 2025 05:16:49.157768965 CEST | 53 | 38074 | 8.8.8.8 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.158363104 CEST | 53681 | 6881 | 192.168.2.14 | 82.221.103.244 |
| Mar 30, 2025 05:16:49.161719084 CEST | 53681 | 6881 | 192.168.2.14 | 67.215.246.10 |
| Mar 30, 2025 05:16:49.289644003 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.289669037 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.289958954 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:49.290075064 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:49.323270082 CEST | 6881 | 53681 | 67.215.246.10 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.710856915 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.715580940 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.738234043 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:49.854486942 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.854516029 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:49.879597902 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:50.159018993 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:50.159065008 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:50.260015011 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:50.260015965 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:50.427088976 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:50.427246094 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:50.427546978 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:50.427654028 CEST | 53681 | 60362 | 192.168.2.14 | 78.130.47.113 |
| Mar 30, 2025 05:16:50.879056931 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:50.879106045 CEST | 60362 | 53681 | 78.130.47.113 | 192.168.2.14 |
| Mar 30, 2025 05:16:50.980578899 CEST | 53681 | 46254 | 192.168.2.14 | 181.94.224.3 |
| Mar 30, 2025 05:16:50.980796099 CEST | 53681 | 55842 | 192.168.2.14 | 178.136.195.90 |
| Mar 30, 2025 05:16:52.983396053 CEST | 53681 | 6881 | 192.168.2.14 | 46.164.32.235 |
| Mar 30, 2025 05:16:52.983560085 CEST | 53681 | 4691 | 192.168.2.14 | 176.208.33.175 |
| Mar 30, 2025 05:16:52.983592987 CEST | 53681 | 6918 | 192.168.2.14 | 5.228.82.170 |
| Mar 30, 2025 05:16:52.983561039 CEST | 53681 | 38570 | 192.168.2.14 | 188.241.80.69 |
| Mar 30, 2025 05:16:52.983762980 CEST | 53681 | 10733 | 192.168.2.14 | 46.242.11.50 |
| Mar 30, 2025 05:16:52.983882904 CEST | 53681 | 33647 | 192.168.2.14 | 86.171.147.214 |
| Mar 30, 2025 05:16:52.983985901 CEST | 53681 | 6918 | 192.168.2.14 | 5.228.82.170 |
| Mar 30, 2025 05:16:53.187868118 CEST | 10733 | 53681 | 46.242.11.50 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.188669920 CEST | 53681 | 37000 | 192.168.2.14 | 157.48.129.127 |
| Mar 30, 2025 05:16:53.188671112 CEST | 53681 | 37000 | 192.168.2.14 | 157.48.129.127 |
| Mar 30, 2025 05:16:53.188779116 CEST | 53681 | 43193 | 192.168.2.14 | 188.244.253.33 |
| Mar 30, 2025 05:16:53.189342022 CEST | 6881 | 53681 | 46.164.32.235 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.189959049 CEST | 53681 | 37000 | 192.168.2.14 | 157.48.129.127 |
| Mar 30, 2025 05:16:53.190155029 CEST | 53681 | 41498 | 192.168.2.14 | 24.144.47.156 |
| Mar 30, 2025 05:16:53.200689077 CEST | 6918 | 53681 | 5.228.82.170 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.200829029 CEST | 6918 | 53681 | 5.228.82.170 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.201359987 CEST | 53681 | 34379 | 192.168.2.14 | 31.181.35.148 |
| Mar 30, 2025 05:16:53.201585054 CEST | 53681 | 51407 | 192.168.2.14 | 178.45.141.58 |
| Mar 30, 2025 05:16:53.251635075 CEST | 4691 | 53681 | 176.208.33.175 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.252345085 CEST | 53681 | 47593 | 192.168.2.14 | 46.72.53.228 |
| Mar 30, 2025 05:16:53.339199066 CEST | 41498 | 53681 | 24.144.47.156 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.374598980 CEST | 38570 | 53681 | 188.241.80.69 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.454415083 CEST | 43193 | 53681 | 188.244.253.33 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.484487057 CEST | 47593 | 53681 | 46.72.53.228 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.485306978 CEST | 53681 | 17613 | 192.168.2.14 | 38.21.51.103 |
| Mar 30, 2025 05:16:53.513560057 CEST | 51407 | 53681 | 178.45.141.58 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.514256001 CEST | 53681 | 40924 | 192.168.2.14 | 176.124.146.189 |
| Mar 30, 2025 05:16:53.622785091 CEST | 17613 | 53681 | 38.21.51.103 | 192.168.2.14 |
| Mar 30, 2025 05:16:53.625593901 CEST | 53681 | 58780 | 192.168.2.14 | 37.135.84.122 |
| Mar 30, 2025 05:16:53.989567041 CEST | 53681 | 55842 | 192.168.2.14 | 178.136.195.90 |
| Mar 30, 2025 05:16:54.669481039 CEST | 37000 | 53681 | 157.48.129.127 | 192.168.2.14 |
| Mar 30, 2025 05:16:54.670402050 CEST | 53681 | 54155 | 192.168.2.14 | 179.66.142.220 |
| Mar 30, 2025 05:16:54.897459984 CEST | 54155 | 53681 | 179.66.142.220 | 192.168.2.14 |
| Mar 30, 2025 05:16:54.898053885 CEST | 53681 | 6881 | 192.168.2.14 | 2.57.84.131 |
| Mar 30, 2025 05:16:55.121151924 CEST | 6881 | 53681 | 2.57.84.131 | 192.168.2.14 |
| Mar 30, 2025 05:16:55.121815920 CEST | 53681 | 51413 | 192.168.2.14 | 46.55.162.39 |
| Mar 30, 2025 05:16:55.336131096 CEST | 51413 | 53681 | 46.55.162.39 | 192.168.2.14 |
| Mar 30, 2025 05:16:55.336709023 CEST | 53681 | 49966 | 192.168.2.14 | 91.160.161.82 |
| Mar 30, 2025 05:16:55.516597986 CEST | 49966 | 53681 | 91.160.161.82 | 192.168.2.14 |
| Mar 30, 2025 05:16:55.517262936 CEST | 53681 | 49700 | 192.168.2.14 | 24.236.195.109 |
| Mar 30, 2025 05:16:55.645342112 CEST | 49700 | 53681 | 24.236.195.109 | 192.168.2.14 |
| Mar 30, 2025 05:16:55.645881891 CEST | 53681 | 11209 | 192.168.2.14 | 163.172.75.19 |
| Mar 30, 2025 05:16:55.815265894 CEST | 11209 | 53681 | 163.172.75.19 | 192.168.2.14 |
| Mar 30, 2025 05:16:55.815951109 CEST | 53681 | 6889 | 192.168.2.14 | 91.20.28.53 |
| Mar 30, 2025 05:16:56.016087055 CEST | 6889 | 53681 | 91.20.28.53 | 192.168.2.14 |
| Mar 30, 2025 05:16:56.016777992 CEST | 53681 | 7095 | 192.168.2.14 | 89.134.18.40 |
| Mar 30, 2025 05:16:56.231417894 CEST | 7095 | 53681 | 89.134.18.40 | 192.168.2.14 |
| Mar 30, 2025 05:16:56.232204914 CEST | 53681 | 17600 | 192.168.2.14 | 185.106.59.29 |
| Mar 30, 2025 05:16:56.479435921 CEST | 17600 | 53681 | 185.106.59.29 | 192.168.2.14 |
| Mar 30, 2025 05:16:56.479784012 CEST | 53681 | 1261 | 192.168.2.14 | 193.226.238.212 |
| Mar 30, 2025 05:16:56.670624971 CEST | 1261 | 53681 | 193.226.238.212 | 192.168.2.14 |
| Mar 30, 2025 05:16:56.671081066 CEST | 53681 | 55707 | 192.168.2.14 | 184.75.221.180 |
| Mar 30, 2025 05:16:56.779063940 CEST | 55707 | 53681 | 184.75.221.180 | 192.168.2.14 |
| Mar 30, 2025 05:16:56.779752016 CEST | 53681 | 62370 | 192.168.2.14 | 83.255.190.106 |
| Mar 30, 2025 05:16:56.982347012 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:56.998418093 CEST | 62370 | 53681 | 83.255.190.106 | 192.168.2.14 |
| Mar 30, 2025 05:16:56.999212980 CEST | 53681 | 35731 | 192.168.2.14 | 73.89.252.123 |
| Mar 30, 2025 05:16:57.127403021 CEST | 35731 | 53681 | 73.89.252.123 | 192.168.2.14 |
| Mar 30, 2025 05:16:57.128113031 CEST | 53681 | 37344 | 192.168.2.14 | 45.228.212.46 |
| Mar 30, 2025 05:16:57.167285919 CEST | 3003 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:16:57.167830944 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:57.412511110 CEST | 37344 | 53681 | 45.228.212.46 | 192.168.2.14 |
| Mar 30, 2025 05:16:57.413429022 CEST | 53681 | 55197 | 192.168.2.14 | 72.21.17.51 |
| Mar 30, 2025 05:16:57.523161888 CEST | 55197 | 53681 | 72.21.17.51 | 192.168.2.14 |
| Mar 30, 2025 05:16:57.523807049 CEST | 53681 | 6881 | 192.168.2.14 | 85.220.32.111 |
| Mar 30, 2025 05:16:57.726223946 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:57.740391970 CEST | 6881 | 53681 | 85.220.32.111 | 192.168.2.14 |
| Mar 30, 2025 05:16:57.741365910 CEST | 53681 | 3585 | 192.168.2.14 | 91.223.75.159 |
| Mar 30, 2025 05:16:57.937683105 CEST | 3585 | 53681 | 91.223.75.159 | 192.168.2.14 |
| Mar 30, 2025 05:16:57.938247919 CEST | 53681 | 12275 | 192.168.2.14 | 117.29.90.74 |
| Mar 30, 2025 05:16:58.848809004 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:59.054068089 CEST | 3003 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:16:59.054097891 CEST | 3003 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:16:59.054609060 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:59.090696096 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:59.238137960 CEST | 3003 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:16:59.238662958 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:16:59.280275106 CEST | 3003 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:16:59.280553102 CEST | 3003 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:16:59.280944109 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:00.244463921 CEST | 3003 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:00.245886087 CEST | 53681 | 3003 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:01.984971046 CEST | 53681 | 20230 | 192.168.2.14 | 14.154.2.243 |
| Mar 30, 2025 05:17:01.985003948 CEST | 53681 | 55220 | 192.168.2.14 | 178.235.189.68 |
| Mar 30, 2025 05:17:01.985061884 CEST | 53681 | 54768 | 192.168.2.14 | 186.99.137.5 |
| Mar 30, 2025 05:17:02.996305943 CEST | 53681 | 64248 | 192.168.2.14 | 190.80.34.10 |
| Mar 30, 2025 05:17:02.996475935 CEST | 53681 | 7799 | 192.168.2.14 | 54.215.207.56 |
| Mar 30, 2025 05:17:03.231420040 CEST | 64248 | 53681 | 190.80.34.10 | 192.168.2.14 |
| Mar 30, 2025 05:17:03.231915951 CEST | 53681 | 28013 | 192.168.2.14 | 5.79.83.114 |
| Mar 30, 2025 05:17:03.231937885 CEST | 53681 | 21292 | 192.168.2.14 | 200.63.41.32 |
| Mar 30, 2025 05:17:03.413820028 CEST | 28013 | 53681 | 5.79.83.114 | 192.168.2.14 |
| Mar 30, 2025 05:17:05.998195887 CEST | 53681 | 7799 | 192.168.2.14 | 54.215.207.56 |
| Mar 30, 2025 05:17:10.988171101 CEST | 53681 | 24701 | 192.168.2.14 | 183.136.216.92 |
| Mar 30, 2025 05:17:10.988207102 CEST | 53681 | 2114 | 192.168.2.14 | 95.25.136.19 |
| Mar 30, 2025 05:17:10.988300085 CEST | 53681 | 39528 | 192.168.2.14 | 68.112.204.176 |
| Mar 30, 2025 05:17:10.988337040 CEST | 53681 | 53562 | 192.168.2.14 | 83.30.191.10 |
| Mar 30, 2025 05:17:10.988395929 CEST | 53681 | 6881 | 192.168.2.14 | 165.73.62.152 |
| Mar 30, 2025 05:17:10.988501072 CEST | 53681 | 22636 | 192.168.2.14 | 41.121.126.152 |
| Mar 30, 2025 05:17:11.144529104 CEST | 39528 | 53681 | 68.112.204.176 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.145170927 CEST | 53681 | 32958 | 192.168.2.14 | 112.172.103.191 |
| Mar 30, 2025 05:17:11.145261049 CEST | 53681 | 1089 | 192.168.2.14 | 46.188.124.64 |
| Mar 30, 2025 05:17:11.221026897 CEST | 2114 | 53681 | 95.25.136.19 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.221602917 CEST | 53681 | 6998 | 192.168.2.14 | 23.94.134.189 |
| Mar 30, 2025 05:17:11.330545902 CEST | 6881 | 53681 | 165.73.62.152 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.331068039 CEST | 53681 | 6881 | 192.168.2.14 | 181.2.131.22 |
| Mar 30, 2025 05:17:11.375925064 CEST | 1089 | 53681 | 46.188.124.64 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.376127005 CEST | 53681 | 41411 | 192.168.2.14 | 91.238.170.107 |
| Mar 30, 2025 05:17:11.405056000 CEST | 6998 | 53681 | 23.94.134.189 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.405199051 CEST | 53681 | 51413 | 192.168.2.14 | 88.112.74.121 |
| Mar 30, 2025 05:17:11.572352886 CEST | 6881 | 53681 | 181.2.131.22 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.572849989 CEST | 53681 | 6813 | 192.168.2.14 | 177.25.126.152 |
| Mar 30, 2025 05:17:11.614897966 CEST | 41411 | 53681 | 91.238.170.107 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.615297079 CEST | 53681 | 48367 | 192.168.2.14 | 95.24.127.125 |
| Mar 30, 2025 05:17:11.629786015 CEST | 51413 | 53681 | 88.112.74.121 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.630295992 CEST | 53681 | 6827 | 192.168.2.14 | 85.174.205.16 |
| Mar 30, 2025 05:17:11.879328966 CEST | 6827 | 53681 | 85.174.205.16 | 192.168.2.14 |
| Mar 30, 2025 05:17:11.880022049 CEST | 53681 | 42009 | 192.168.2.14 | 91.170.58.143 |
| Mar 30, 2025 05:17:12.991183996 CEST | 53681 | 3005 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:13.709909916 CEST | 3005 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:13.710431099 CEST | 53681 | 3005 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:14.982208967 CEST | 53681 | 64248 | 192.168.2.14 | 190.80.34.10 |
| Mar 30, 2025 05:17:14.982404947 CEST | 53681 | 54377 | 192.168.2.14 | 146.241.177.235 |
| Mar 30, 2025 05:17:15.326617002 CEST | 64248 | 53681 | 190.80.34.10 | 192.168.2.14 |
| Mar 30, 2025 05:17:15.871037006 CEST | 53681 | 3005 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:16.465008974 CEST | 3005 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:16.465035915 CEST | 3005 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:16.465182066 CEST | 3005 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:16.465487003 CEST | 53681 | 3005 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:16.500549078 CEST | 53681 | 3005 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:16.500612020 CEST | 53681 | 3005 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:17.522449017 CEST | 3005 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:17.987634897 CEST | 53681 | 54377 | 192.168.2.14 | 146.241.177.235 |
| Mar 30, 2025 05:17:18.471538067 CEST | 3005 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:18.471612930 CEST | 3005 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:18.471957922 CEST | 53681 | 3005 | 192.168.2.14 | 154.205.157.45 |
| Mar 30, 2025 05:17:18.481347084 CEST | 3005 | 53681 | 154.205.157.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:22.994457006 CEST | 53681 | 20230 | 192.168.2.14 | 14.154.2.243 |
| Mar 30, 2025 05:17:22.994482040 CEST | 53681 | 55220 | 192.168.2.14 | 178.235.189.68 |
| Mar 30, 2025 05:17:22.994560003 CEST | 53681 | 54768 | 192.168.2.14 | 186.99.137.5 |
| Mar 30, 2025 05:17:26.979971886 CEST | 53681 | 13747 | 192.168.2.14 | 168.232.12.86 |
| Mar 30, 2025 05:17:29.998414040 CEST | 53681 | 13747 | 192.168.2.14 | 168.232.12.86 |
| Mar 30, 2025 05:17:32.981924057 CEST | 53681 | 3468 | 192.168.2.14 | 106.210.128.151 |
| Mar 30, 2025 05:17:32.981944084 CEST | 53681 | 45717 | 192.168.2.14 | 84.153.232.48 |
| Mar 30, 2025 05:17:32.982033014 CEST | 53681 | 22800 | 192.168.2.14 | 212.15.57.45 |
| Mar 30, 2025 05:17:32.982050896 CEST | 53681 | 11244 | 192.168.2.14 | 195.7.12.14 |
| Mar 30, 2025 05:17:32.982052088 CEST | 53681 | 64158 | 192.168.2.14 | 91.247.76.14 |
| Mar 30, 2025 05:17:32.982094049 CEST | 53681 | 53562 | 192.168.2.14 | 83.30.191.10 |
| Mar 30, 2025 05:17:34.981225967 CEST | 53681 | 46254 | 192.168.2.14 | 181.94.224.3 |
| Mar 30, 2025 05:17:35.241503954 CEST | 46254 | 53681 | 181.94.224.3 | 192.168.2.14 |
| Mar 30, 2025 05:17:35.242089987 CEST | 53681 | 21292 | 192.168.2.14 | 200.63.41.32 |
| Mar 30, 2025 05:17:38.995009899 CEST | 53681 | 23968 | 192.168.2.14 | 2.187.250.83 |
| Mar 30, 2025 05:17:40.996510029 CEST | 53681 | 6881 | 192.168.2.14 | 75.73.138.48 |
| Mar 30, 2025 05:17:40.996583939 CEST | 53681 | 18839 | 192.168.2.14 | 58.62.33.80 |
| Mar 30, 2025 05:17:40.996654987 CEST | 53681 | 22646 | 192.168.2.14 | 182.105.243.206 |
| Mar 30, 2025 05:17:42.008343935 CEST | 53681 | 23968 | 192.168.2.14 | 2.187.250.83 |
| Mar 30, 2025 05:17:42.264318943 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:17:42.265151978 CEST | 53681 | 23968 | 192.168.2.14 | 2.187.250.83 |
| Mar 30, 2025 05:17:42.265151978 CEST | 53681 | 23968 | 192.168.2.14 | 2.187.250.83 |
| Mar 30, 2025 05:17:42.707452059 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:17:42.707484961 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:17:42.817766905 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:17:43.990346909 CEST | 53681 | 9010 | 192.168.2.14 | 99.241.228.239 |
| Mar 30, 2025 05:17:44.140678883 CEST | 9010 | 53681 | 99.241.228.239 | 192.168.2.14 |
| Mar 30, 2025 05:17:45.272080898 CEST | 53681 | 23968 | 192.168.2.14 | 2.187.250.83 |
| Mar 30, 2025 05:17:45.626820087 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:17:47.297559023 CEST | 43323 | 53 | 192.168.2.14 | 8.8.8.8 |
| Mar 30, 2025 05:17:47.297683001 CEST | 57104 | 53 | 192.168.2.14 | 8.8.8.8 |
| Mar 30, 2025 05:17:47.395878077 CEST | 53 | 57104 | 8.8.8.8 | 192.168.2.14 |
| Mar 30, 2025 05:17:47.395908117 CEST | 53 | 43323 | 8.8.8.8 | 192.168.2.14 |
| Mar 30, 2025 05:17:51.280337095 CEST | 53681 | 23968 | 192.168.2.14 | 2.187.250.83 |
| Mar 30, 2025 05:17:51.605714083 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:17:51.716392994 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:17:51.978178978 CEST | 53681 | 53562 | 192.168.2.14 | 83.30.191.10 |
| Mar 30, 2025 05:17:51.978184938 CEST | 53681 | 45717 | 192.168.2.14 | 84.153.232.48 |
| Mar 30, 2025 05:17:51.978188992 CEST | 53681 | 3468 | 192.168.2.14 | 106.210.128.151 |
| Mar 30, 2025 05:17:51.978202105 CEST | 53681 | 22800 | 192.168.2.14 | 212.15.57.45 |
| Mar 30, 2025 05:17:51.978203058 CEST | 53681 | 11244 | 192.168.2.14 | 195.7.12.14 |
| Mar 30, 2025 05:17:51.978203058 CEST | 53681 | 64158 | 192.168.2.14 | 91.247.76.14 |
| Mar 30, 2025 05:17:52.260888100 CEST | 22800 | 53681 | 212.15.57.45 | 192.168.2.14 |
| Mar 30, 2025 05:17:52.261243105 CEST | 53681 | 32958 | 192.168.2.14 | 112.172.103.191 |
| Mar 30, 2025 05:17:52.261244059 CEST | 53681 | 32958 | 192.168.2.14 | 112.172.103.191 |
| Mar 30, 2025 05:17:52.261245012 CEST | 53681 | 22800 | 192.168.2.14 | 212.15.57.45 |
| Mar 30, 2025 05:17:52.526149035 CEST | 22800 | 53681 | 212.15.57.45 | 192.168.2.14 |
| Mar 30, 2025 05:18:01.980202913 CEST | 53681 | 6881 | 192.168.2.14 | 75.73.138.48 |
| Mar 30, 2025 05:18:01.980209112 CEST | 53681 | 18839 | 192.168.2.14 | 58.62.33.80 |
| Mar 30, 2025 05:18:01.980215073 CEST | 53681 | 22646 | 192.168.2.14 | 182.105.243.206 |
| Mar 30, 2025 05:18:03.291285038 CEST | 53681 | 23968 | 192.168.2.14 | 2.187.250.83 |
| Mar 30, 2025 05:18:03.627377033 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:18:03.810888052 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:18:06.980051994 CEST | 53681 | 46254 | 192.168.2.14 | 181.94.224.3 |
| Mar 30, 2025 05:18:07.237591982 CEST | 46254 | 53681 | 181.94.224.3 | 192.168.2.14 |
| Mar 30, 2025 05:18:07.238466024 CEST | 53681 | 6892 | 192.168.2.14 | 180.97.50.214 |
| Mar 30, 2025 05:18:10.990278959 CEST | 53681 | 6881 | 192.168.2.14 | 178.85.29.181 |
| Mar 30, 2025 05:18:10.990292072 CEST | 53681 | 56259 | 192.168.2.14 | 41.225.138.217 |
| Mar 30, 2025 05:18:10.990291119 CEST | 53681 | 45717 | 192.168.2.14 | 84.153.232.48 |
| Mar 30, 2025 05:18:10.990299940 CEST | 53681 | 11244 | 192.168.2.14 | 195.7.12.14 |
| Mar 30, 2025 05:18:10.990300894 CEST | 53681 | 64158 | 192.168.2.14 | 91.247.76.14 |
| Mar 30, 2025 05:18:10.990315914 CEST | 53681 | 6881 | 192.168.2.14 | 178.206.139.151 |
| Mar 30, 2025 05:18:11.220427990 CEST | 6881 | 53681 | 178.206.139.151 | 192.168.2.14 |
| Mar 30, 2025 05:18:11.220578909 CEST | 53681 | 32958 | 192.168.2.14 | 112.172.103.191 |
| Mar 30, 2025 05:18:11.275199890 CEST | 23968 | 53681 | 2.187.250.83 | 192.168.2.14 |
| Mar 30, 2025 05:18:12.990685940 CEST | 53681 | 55196 | 192.168.2.14 | 138.255.223.9 |
| Mar 30, 2025 05:18:13.978818893 CEST | 53681 | 46254 | 192.168.2.14 | 181.94.224.3 |
| Mar 30, 2025 05:18:14.247345924 CEST | 46254 | 53681 | 181.94.224.3 | 192.168.2.14 |
| Mar 30, 2025 05:18:16.007714033 CEST | 53681 | 55196 | 192.168.2.14 | 138.255.223.9 |
| Mar 30, 2025 05:18:19.981914997 CEST | 53681 | 6881 | 192.168.2.14 | 75.73.138.48 |
| Mar 30, 2025 05:18:19.981940031 CEST | 53681 | 28013 | 192.168.2.14 | 5.79.83.114 |
| Mar 30, 2025 05:18:19.981964111 CEST | 53681 | 18839 | 192.168.2.14 | 58.62.33.80 |
| Mar 30, 2025 05:18:19.981970072 CEST | 53681 | 22646 | 192.168.2.14 | 182.105.243.206 |
| Mar 30, 2025 05:18:20.170854092 CEST | 28013 | 53681 | 5.79.83.114 | 192.168.2.14 |
| Mar 30, 2025 05:18:20.334841967 CEST | 22646 | 53681 | 182.105.243.206 | 192.168.2.14 |
| Mar 30, 2025 05:18:20.335565090 CEST | 53681 | 2988 | 192.168.2.14 | 176.241.84.131 |
| Mar 30, 2025 05:18:20.982690096 CEST | 53681 | 31041 | 192.168.2.14 | 1.70.85.22 |
| Mar 30, 2025 05:18:21.366372108 CEST | 31041 | 53681 | 1.70.85.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:21.367055893 CEST | 53681 | 31041 | 192.168.2.14 | 1.70.85.22 |
| Mar 30, 2025 05:18:21.799184084 CEST | 31041 | 53681 | 1.70.85.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:21.857898951 CEST | 31041 | 53681 | 1.70.85.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:21.858685017 CEST | 53681 | 31041 | 192.168.2.14 | 1.70.85.22 |
| Mar 30, 2025 05:18:22.348001957 CEST | 31041 | 53681 | 1.70.85.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:23.585546970 CEST | 31041 | 53681 | 1.70.85.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:23.647958994 CEST | 53681 | 31041 | 192.168.2.14 | 1.70.85.22 |
| Mar 30, 2025 05:18:23.688340902 CEST | 53681 | 31041 | 192.168.2.14 | 1.70.85.22 |
| Mar 30, 2025 05:18:24.024965048 CEST | 31041 | 53681 | 1.70.85.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:24.024991989 CEST | 31041 | 53681 | 1.70.85.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:24.992491007 CEST | 53681 | 26127 | 192.168.2.14 | 5.36.121.116 |
| Mar 30, 2025 05:18:24.992535114 CEST | 53681 | 7317 | 192.168.2.14 | 189.63.46.223 |
| Mar 30, 2025 05:18:27.994841099 CEST | 53681 | 7317 | 192.168.2.14 | 189.63.46.223 |
| Mar 30, 2025 05:18:27.994839907 CEST | 53681 | 26127 | 192.168.2.14 | 5.36.121.116 |
| Mar 30, 2025 05:18:28.363564968 CEST | 26127 | 53681 | 5.36.121.116 | 192.168.2.14 |
| Mar 30, 2025 05:18:28.364228964 CEST | 53681 | 26127 | 192.168.2.14 | 5.36.121.116 |
| Mar 30, 2025 05:18:28.364228964 CEST | 53681 | 26127 | 192.168.2.14 | 5.36.121.116 |
| Mar 30, 2025 05:18:28.982948065 CEST | 53681 | 48979 | 192.168.2.14 | 2.183.97.22 |
| Mar 30, 2025 05:18:28.983843088 CEST | 26127 | 53681 | 5.36.121.116 | 192.168.2.14 |
| Mar 30, 2025 05:18:29.284967899 CEST | 48979 | 53681 | 2.183.97.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:29.285873890 CEST | 53681 | 48979 | 192.168.2.14 | 2.183.97.22 |
| Mar 30, 2025 05:18:30.136284113 CEST | 48979 | 53681 | 2.183.97.22 | 192.168.2.14 |
| Mar 30, 2025 05:18:31.375466108 CEST | 53681 | 26127 | 192.168.2.14 | 5.36.121.116 |
| Mar 30, 2025 05:18:31.739444971 CEST | 26127 | 53681 | 5.36.121.116 | 192.168.2.14 |
| Mar 30, 2025 05:18:31.839967012 CEST | 26127 | 53681 | 5.36.121.116 | 192.168.2.14 |
| Mar 30, 2025 05:18:31.981997967 CEST | 53681 | 19651 | 192.168.2.14 | 176.115.144.24 |
| Mar 30, 2025 05:18:31.982002974 CEST | 53681 | 48429 | 192.168.2.14 | 1.161.159.155 |
| Mar 30, 2025 05:18:31.982018948 CEST | 53681 | 56259 | 192.168.2.14 | 41.225.138.217 |
| Mar 30, 2025 05:18:31.982048988 CEST | 53681 | 6881 | 192.168.2.14 | 178.85.29.181 |
| Mar 30, 2025 05:18:31.982094049 CEST | 53681 | 50321 | 192.168.2.14 | 177.121.254.152 |
| Mar 30, 2025 05:18:31.982105017 CEST | 53681 | 42856 | 192.168.2.14 | 201.131.173.28 |
| Mar 30, 2025 05:18:32.283220053 CEST | 48429 | 53681 | 1.161.159.155 | 192.168.2.14 |
| Mar 30, 2025 05:18:32.283937931 CEST | 53681 | 6881 | 192.168.2.14 | 88.99.212.222 |
| Mar 30, 2025 05:18:36.988078117 CEST | 53681 | 62353 | 192.168.2.14 | 77.49.156.11 |
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Mar 30, 2025 05:16:01.401341915 CEST | 186.85.240.119 | 192.168.2.14 | 6add | (Port unreachable) | Destination Unreachable |
| Mar 30, 2025 05:16:26.194933891 CEST | 116.226.31.175 | 192.168.2.14 | 54c8 | (Port unreachable) | Destination Unreachable |
| Mar 30, 2025 05:16:26.194962025 CEST | 116.226.31.175 | 192.168.2.14 | 54c8 | (Port unreachable) | Destination Unreachable |
| Mar 30, 2025 05:17:33.263799906 CEST | 195.7.12.14 | 192.168.2.14 | 8f4c | (Port unreachable) | Destination Unreachable |
| Mar 30, 2025 05:17:33.428226948 CEST | 106.210.128.151 | 192.168.2.14 | aba0 | (Port unreachable) | Destination Unreachable |
| Mar 30, 2025 05:17:52.272463083 CEST | 195.7.12.14 | 192.168.2.14 | 8f4c | (Port unreachable) | Destination Unreachable |
| Mar 30, 2025 05:18:11.278795958 CEST | 195.7.12.14 | 192.168.2.14 | 8f4c | (Port unreachable) | Destination Unreachable |
| Mar 30, 2025 05:18:32.208856106 CEST | 176.115.144.24 | 192.168.2.14 | 3be4 | (Port unreachable) | Destination Unreachable |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 30, 2025 05:15:08.171554089 CEST | 192.168.2.14 | 8.8.8.8 | 0xda3b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 30, 2025 05:15:08.275891066 CEST | 192.168.2.14 | 8.8.8.8 | 0x3f71 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 30, 2025 05:16:49.058927059 CEST | 192.168.2.14 | 8.8.8.8 | 0xbe1f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 30, 2025 05:17:47.297559023 CEST | 192.168.2.14 | 8.8.8.8 | 0x304d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 30, 2025 05:17:47.297683001 CEST | 192.168.2.14 | 8.8.8.8 | 0x3738 | Standard query (0) | 28 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 30, 2025 05:15:08.272833109 CEST | 8.8.8.8 | 192.168.2.14 | 0xda3b | No error (0) | 82.221.103.244 | A (IP address) | IN (0x0001) | false | ||
| Mar 30, 2025 05:15:09.145694971 CEST | 8.8.8.8 | 192.168.2.14 | 0x3f71 | No error (0) | 67.215.246.10 | A (IP address) | IN (0x0001) | false | ||
| Mar 30, 2025 05:16:49.157768965 CEST | 8.8.8.8 | 192.168.2.14 | 0xbe1f | No error (0) | 82.221.103.244 | A (IP address) | IN (0x0001) | false | ||
| Mar 30, 2025 05:17:47.395908117 CEST | 8.8.8.8 | 192.168.2.14 | 0x304d | No error (0) | 162.213.35.24 | A (IP address) | IN (0x0001) | false | ||
| Mar 30, 2025 05:17:47.395908117 CEST | 8.8.8.8 | 192.168.2.14 | 0x304d | No error (0) | 162.213.35.25 | A (IP address) | IN (0x0001) | false |
System Behavior
| Start time (UTC): | 03:15:00 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | /tmp/.i.elf |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:01 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:01 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP" |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /usr/sbin/iptables |
| Arguments: | iptables -A INPUT -p tcp --destination-port 23 -j DROP |
| File size: | 99296 bytes |
| MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 7547 -j DROP" |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /usr/sbin/iptables |
| Arguments: | iptables -A INPUT -p tcp --destination-port 7547 -j DROP |
| File size: | 99296 bytes |
| MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 5555 -j DROP" |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /usr/sbin/iptables |
| Arguments: | iptables -A INPUT -p tcp --destination-port 5555 -j DROP |
| File size: | 99296 bytes |
| MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | sh -c "iptables -A INPUT -p tcp --destination-port 5358 -j DROP" |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /usr/sbin/iptables |
| Arguments: | iptables -A INPUT -p tcp --destination-port 5358 -j DROP |
| File size: | 99296 bytes |
| MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | sh -c "iptables -D INPUT -j CWMP_CR" |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /usr/sbin/iptables |
| Arguments: | iptables -D INPUT -j CWMP_CR |
| File size: | 99296 bytes |
| MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | sh -c "iptables -X CWMP_CR" |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /usr/sbin/iptables |
| Arguments: | iptables -X CWMP_CR |
| File size: | 99296 bytes |
| MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /tmp/.i.elf |
| Arguments: | - |
| File size: | 5777432 bytes |
| MD5 hash: | 0083f1f0e77be34ad27f849842bbb00c |
| Start time (UTC): | 03:15:06 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | sh -c "iptables -I INPUT -p udp --dport 53681 -j ACCEPT" |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:07 |
| Start date (UTC): | 30/03/2025 |
| Path: | /bin/sh |
| Arguments: | - |
| File size: | 129816 bytes |
| MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
| Start time (UTC): | 03:15:07 |
| Start date (UTC): | 30/03/2025 |
| Path: | /usr/sbin/iptables |
| Arguments: | iptables -I INPUT -p udp --dport 53681 -j ACCEPT |
| File size: | 99296 bytes |
| MD5 hash: | 1ab05fef765b6342cdfadaa5275b33af |
