Linux Analysis Report KPz4ERtS9a

Overview

General Information

Sample Name: KPz4ERtS9a
Analysis ID: 508203
MD5: 066901d9ef64208c0daf3e6f428f7185
SHA1: b012217d9b8e1a80a8d077cfdabcef03a12d15af
SHA256: 3a0dd755b8ef388ccb5dcdfc94a543450a8974830b87f0ea284c9de7356d1bef
Tags: 32, elf, intel, mirai

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample deletes itself
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Yara signature match
Sample has stripped symbol table
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories

Classification

AV Detection:

Multi AV Scanner detection for submitted file
Source: KPz4ERtS9a Virustotal: Detection: 51%
Source: KPz4ERtS9a Metadefender: Detection: 40%
Source: KPz4ERtS9a ReversingLabs: Detection: 67%
Machine Learning detection for sample
Source: KPz4ERtS9a Joe Sandbox ML: detected
Source: unknown HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.23:33608 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2023433 ET TROJAN Possible Linux.Mirai Login Attempt (7ujMko0admin) 192.168.2.23:52206 -> 14.248.94.6:23
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 87.12.142.91:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 163.99.210.209:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 119.228.112.175:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 184.213.49.209:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 101.90.101.193:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 201.122.93.108:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 68.58.123.211:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 76.78.223.130:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 179.112.250.115:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 222.119.196.15:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 187.130.87.38:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 171.200.154.92:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 18.96.212.84:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 72.183.116.122:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 153.80.198.45:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 138.222.129.23:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 216.105.73.33:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 198.168.53.27:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 83.95.57.242:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 27.222.203.12:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 129.161.32.178:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 78.81.191.244:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 82.22.20.103:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 139.66.126.163:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 217.176.167.110:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 23.71.200.226:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 77.34.124.69:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 124.72.235.133:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 87.202.214.124:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 220.137.139.122:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 23.193.205.217:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 37.23.240.198:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 202.232.191.212:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 119.128.43.42:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 39.114.141.48:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 60.80.66.164:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 82.228.11.1:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 82.253.235.218:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 98.144.232.92:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 174.68.127.120:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 52.199.105.80:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 201.2.98.30:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 47.12.250.187:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 91.89.83.120:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 65.94.168.130:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 52.212.175.79:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 122.255.59.158:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 20.109.70.193:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 188.245.234.231:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 109.18.86.149:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 37.120.195.107:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 90.230.196.250:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 197.212.161.184:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 143.152.184.55:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 151.231.221.2:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 46.159.17.142:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 183.68.206.13:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 60.242.223.210:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 9.134.78.126:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 199.19.167.221:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 189.21.146.151:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 156.145.56.226:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 60.99.195.197:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 144.246.102.35:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 123.247.25.253:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 84.215.120.201:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 150.57.194.226:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 200.18.126.37:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 180.73.180.254:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 90.130.102.75:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 193.130.199.237:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 115.69.182.160:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 67.137.32.152:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 32.44.248.194:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 117.159.231.178:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 196.136.49.43:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 50.218.222.216:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 46.137.19.63:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 159.112.65.79:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 24.171.215.176:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 151.107.72.236:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 116.226.143.164:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 1.130.213.48:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 145.14.97.243:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 85.175.132.230:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 149.144.216.238:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 217.221.32.215:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 179.5.13.190:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 185.48.202.36:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 190.247.62.68:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 4.191.31.193:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 4.205.149.202:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 40.30.96.119:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 18.149.204.113:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 23.95.42.70:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 152.230.10.26:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 74.214.47.182:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 13.102.100.194:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 201.54.58.86:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 186.52.141.250:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 223.199.144.42:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 24.21.125.179:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 4.191.208.44:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 200.205.134.90:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 138.139.40.2:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 103.140.149.88:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 98.124.182.44:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 203.111.57.215:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 115.47.243.122:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 42.117.50.53:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 86.59.3.16:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 183.219.156.157:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 32.73.64.70:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 156.17.91.127:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 126.227.161.179:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 40.184.110.92:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 141.163.161.157:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 53.4.70.48:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 164.33.248.69:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 111.156.77.105:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 112.20.82.200:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 182.87.155.111:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 43.85.143.198:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 105.56.231.7:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 48.217.255.14:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 43.1.88.62:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 62.186.98.175:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 175.174.171.32:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 125.212.104.55:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 138.92.32.7:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 162.190.16.229:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 44.100.119.205:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 123.115.247.135:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 141.5.162.55:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 27.107.224.244:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 197.102.156.226:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 219.101.168.84:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 86.24.226.214:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 39.140.179.246:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 166.244.151.21:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 99.201.181.146:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 212.138.230.89:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 129.80.78.151:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 137.82.159.247:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 24.2.2.4:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 157.170.121.117:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 170.125.167.232:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 135.26.71.72:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 19.215.167.53:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 18.128.38.122:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 217.200.241.8:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 160.120.145.57:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 20.218.195.193:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 179.129.114.207:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 179.247.9.80:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 128.127.161.56:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 93.195.164.200:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 199.92.144.118:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 158.146.247.200:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 61.191.25.11:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 220.184.219.210:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 13.91.22.216:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 38.237.74.220:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 173.213.249.226:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 142.32.170.162:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 122.6.251.188:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 169.132.15.13:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 72.74.32.99:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 210.2.79.55:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 46.56.131.198:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 116.241.208.122:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 70.75.241.105:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 175.245.144.154:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 91.90.11.234:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 129.210.242.232:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 99.239.32.128:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 223.104.5.169:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 156.41.164.126:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 109.160.63.35:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 58.148.251.175:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 222.25.179.164:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 126.17.16.82:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 219.134.83.45:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 74.183.210.202:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 43.89.215.134:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 187.191.222.165:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 208.89.94.212:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 160.226.168.91:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 57.43.7.161:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 24.168.123.217:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 5.21.52.26:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 91.62.101.70:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 108.167.61.218:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 183.217.126.126:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 50.35.38.13:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 138.194.218.34:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 119.13.214.212:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 44.86.84.192:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 171.65.160.230:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 103.149.156.254:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 117.167.65.142:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 198.57.169.209:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 212.1.67.176:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 181.249.102.209:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 129.54.101.157:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 151.227.41.185:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 43.226.227.195:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 138.2.169.67:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 178.114.73.117:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 219.187.129.65:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 151.134.74.205:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 100.58.100.184:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 109.34.130.102:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 162.80.44.160:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 61.98.114.54:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 142.11.245.102:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 181.228.246.58:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 13.105.120.149:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 34.227.47.135:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 142.184.171.76:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 70.144.54.34:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 60.51.68.214:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 57.115.132.171:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 121.157.123.207:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 194.61.56.250:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 135.150.24.207:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 91.108.42.221:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 67.156.90.95:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 104.67.218.109:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 140.193.151.217:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 105.239.100.49:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 169.100.216.195:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 48.227.145.108:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 13.156.78.174:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 134.38.35.184:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 38.250.123.155:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 4.141.58.105:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 186.216.76.251:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 125.115.208.19:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 39.241.194.134:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 152.201.68.120:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 206.155.140.217:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 183.41.109.181:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 155.236.66.157:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 135.35.74.223:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 137.175.245.106:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 169.239.47.234:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 129.47.28.240:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 190.159.114.190:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 91.175.235.121:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 150.171.255.175:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 114.177.212.13:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 200.7.178.158:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 217.104.60.169:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 211.223.64.79:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 96.115.52.70:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 13.162.16.201:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 175.51.48.165:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 72.209.90.194:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 132.240.8.59:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 52.10.70.240:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 94.76.223.228:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 13.226.58.128:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 116.223.236.251:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 151.207.39.153:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 138.69.96.240:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 129.69.255.149:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 36.59.13.234:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 116.130.103.8:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 57.74.136.186:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 199.164.151.174:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 137.93.191.138:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 47.84.84.198:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 4.41.204.62:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 129.83.156.176:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 205.201.207.70:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 12.84.207.234:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 197.178.85.217:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 173.218.31.94:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 48.36.138.158:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 140.87.130.107:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 144.34.3.142:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 45.26.218.106:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 35.105.30.12:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 160.29.7.78:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 168.228.121.20:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 40.200.29.63:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 34.199.195.73:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 88.131.190.249:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 211.0.129.217:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 223.120.242.2:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 161.124.202.76:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 136.39.4.207:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 8.60.172.52:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 133.245.227.44:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 133.77.230.0:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 129.147.121.173:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 212.39.111.237:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 88.158.143.233:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 113.156.106.95:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 81.204.59.241:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 211.216.62.86:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 209.186.24.50:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 125.251.132.67:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 109.84.181.237:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 101.217.2.230:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 107.74.9.57:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 184.22.235.208:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 12.111.242.252:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 160.59.31.237:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 147.218.242.152:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 140.243.14.71:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 131.117.164.30:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 60.138.255.172:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 64.159.98.202:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 199.196.146.53:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 95.22.92.79:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 205.136.118.89:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 87.150.54.0:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 140.252.216.140:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 202.234.126.233:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 9.18.76.93:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 13.174.86.50:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 223.189.173.84:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 83.112.200.23:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 147.204.116.151:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 78.3.200.61:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 140.43.191.19:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 73.6.131.189:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 216.148.18.42:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 124.37.44.53:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 161.3.4.210:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 194.126.98.56:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 80.77.235.241:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 92.198.175.165:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 99.100.82.139:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 139.17.39.51:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 52.76.47.23:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 75.211.60.109:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 61.143.20.235:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 185.174.209.222:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 181.72.174.247:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 138.12.217.214:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 205.6.137.75:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 88.186.7.143:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 93.231.212.220:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 211.173.246.39:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 112.5.78.85:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 152.43.41.77:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 81.4.97.132:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 52.72.148.93:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 218.52.108.114:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 188.32.82.112:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 53.39.18.42:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 198.133.9.237:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 74.201.41.192:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 179.73.71.151:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 167.26.165.179:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 130.79.61.253:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 164.82.185.162:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 125.235.173.245:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 153.203.99.100:2323
Source: global traffic TCP traffic: 192.168.2.23:63275 -> 202.22.181.128:2323
Source: unknown DNS traffic detected: queries for: bots1.firewalla1337.cc
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33608
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 33608 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown TCP traffic detected without corresponding DNS query: 54.171.230.55
Source: motd-news.27.dr String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation
Source: unknown HTTPS traffic detected: 54.171.230.55:443 -> 192.168.2.23:33608 version: TLS 1.2

System Summary:

Yara signature match
Source: KPz4ERtS9a, type: SAMPLE Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5216.1.0000000051390be1.000000002d48251b.rw-.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Source: 5216.1.000000001a887bdc.0000000019a04c35.r-x.sdmp, type: MEMORY Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
Sample has stripped symbol table
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal76.troj.evad.lin@0/1@1/0
Source: KPz4ERtS9a Joe Sandbox Cloud Basic: Detection: clean Score: 0

Persistence and Installation Behavior:

Executes the "rm" command used to delete files or directories
Source: /usr/bin/dash (PID: 5248) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.txS7eGBKCG /tmp/tmp.JsHkh9sVIe /tmp/tmp.UY8RlWyiIl

Hooking and other Techniques for Hiding and Protection:

Sample deletes itself
Source: /tmp/KPz4ERtS9a (PID: 5216) File: /tmp/KPz4ERtS9a
Uses known network protocols on non-standard ports

Stealing of Sensitive Information:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality:

Yara detected Mirai
Source: Yara match File source: dump.pcap, type: PCAP