Linux Analysis Report x86-20211103-0152

Overview

General Information

Sample Name: x86-20211103-0152
Analysis ID: 514272
MD5: 48bfe55d7795f2d6905c6cdbea372b9b
SHA1: 760d6b9c2779c3bb8f5eb2c8e1b95824fb8277dc
SHA256: fa1be914982a111f999fee0ed612d94ba9d0792257ee54c41acba3c2126e35ab
Tags: Mirai

Detection

Mirai
Score: 76
Range: 0 - 100
Whitelisted: false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Sample deletes itself
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Yara signature match
Sample has stripped symbol table
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper that no longer works.

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 514272
Start date: 03.11.2021
Start time: 03:26:25
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 40s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: x86-20211103-0152
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal76.troj.evad.lin@0/0@1/0
Warnings:
  • Report size exceeded maximum capacity and may have missing network information.
  • TCP Packets have been reduced to 100
  • VT rate limit hit for: bots1.firewalla1337.cc

Process Tree

  • system is lnxubuntu20
  • cleanup

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
x86-20211103-0152 | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security

    Memory Dumps

    Source | Rule | Description | Author | Strings
    5237.1.00000000c2a55aea.00000000adfd88f2.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth
    5237.1.000000001a887bdc.00000000531557b5.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious XORed keyword - Mozilla/5.0 | Florian Roth

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: x86-20211103-0152, Virustotal: Detection: 49%
    Source: x86-20211103-0152, ReversingLabs: Detection: 54%
    Machine Learning detection for sample
    Source: x86-20211103-0152, Joe Sandbox ML: detected

    Networking:

    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Uses known network protocols on non-standard ports
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 12.87.158.195:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 31.116.68.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 175.25.178.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 27.14.85.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 36.174.250.183:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 202.85.129.163:2323
    Source: global trafficTCP traffic: 192.168.2.23:49008 -> 107.189.1.185:9331
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 188.180.80.36:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 66.172.140.199:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 111.146.22.188:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 138.9.35.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 154.15.55.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 114.102.16.170:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 31.248.3.203:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 143.134.126.16:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 44.77.177.39:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 116.230.145.72:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 98.204.242.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 98.22.88.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 32.153.224.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 79.19.113.23:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 73.18.83.197:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 84.1.92.119:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 20.55.145.23:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 179.154.125.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 36.112.42.16:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 154.164.160.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 92.56.18.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 194.147.149.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 20.113.243.45:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 24.53.4.7:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 166.255.162.161:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 77.5.114.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 93.148.192.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 118.137.28.148:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 85.185.70.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 153.56.138.60:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 147.58.212.178:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 120.246.255.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 32.86.36.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 13.169.48.171:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 190.91.10.18:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 189.246.118.18:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 19.164.218.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 165.25.78.198:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 129.21.74.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 185.132.174.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 221.148.241.183:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 201.39.196.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 204.234.217.95:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 126.169.236.235:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 38.4.180.97:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 5.183.22.213:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 5.76.198.149:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 154.169.221.101:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 151.226.194.216:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 162.165.233.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 195.25.133.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 110.147.226.146:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 208.56.9.102:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 212.39.216.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 182.122.125.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 161.125.165.131:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 107.243.239.40:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 153.85.130.208:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 24.16.52.63:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 83.124.130.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 59.151.229.17:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 9.106.181.34:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 40.234.160.206:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 151.52.228.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 124.104.194.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 25.180.161.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 69.197.82.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 107.147.167.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 86.31.2.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 88.31.203.150:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 121.228.58.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 148.230.10.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 158.173.195.98:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 23.5.220.17:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 187.239.160.178:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 148.30.30.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 4.17.83.88:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 141.171.110.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 211.177.178.234:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 119.238.152.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 60.249.21.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 13.220.130.60:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 106.52.138.214:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 114.164.196.155:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 52.179.99.8:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 156.201.213.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 44.154.206.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 191.96.246.34:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 57.17.16.56:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 27.251.185.185:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 162.246.252.210:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 19.36.87.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 176.253.190.232:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 37.62.138.2:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 20.12.217.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 69.79.245.171:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 139.108.128.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 116.147.59.191:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 126.190.167.2:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 52.240.239.106:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 176.56.99.170:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 196.141.74.180:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 211.65.193.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 140.94.105.53:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 182.37.249.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 187.75.226.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 65.4.217.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 173.166.80.114:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 25.139.78.223:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 152.97.158.164:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 71.165.225.253:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 216.107.55.66:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 5.90.153.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 208.155.29.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 78.26.140.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 171.161.238.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 42.81.242.184:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 139.234.52.73:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 80.45.110.255:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 128.137.201.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 86.50.223.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 49.124.225.237:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 199.77.129.243:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 151.91.136.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 93.156.198.125:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 61.5.240.226:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 190.54.220.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 170.148.157.251:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 159.117.79.185:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 61.196.169.157:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 197.76.242.113:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 177.211.79.90:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 173.248.26.220:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 198.218.38.20:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 62.128.103.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 63.230.70.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 113.149.89.43:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 8.225.226.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 121.148.63.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 184.198.87.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 77.42.123.170:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 155.55.143.55:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 132.59.205.180:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 180.29.247.182:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 209.81.165.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 185.106.248.118:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 132.49.77.154:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 124.80.20.75:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 156.64.161.62:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 187.91.136.199:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 41.9.167.126:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 121.215.7.208:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 216.255.126.215:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 137.160.246.20:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 58.72.173.150:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 220.144.244.167:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 24.174.132.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 83.210.206.176:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 129.79.113.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 157.81.114.170:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 175.59.107.203:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 132.227.176.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 95.210.59.38:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 154.41.5.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 12.15.157.197:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 207.209.39.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 125.178.254.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 209.151.52.150:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 45.29.48.182:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 156.148.15.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 184.231.177.159:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 8.105.48.181:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 177.86.176.44:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 156.205.162.32:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 182.228.130.211:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 203.2.250.195:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 141.1.71.104:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 32.38.116.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 152.189.139.90:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 98.236.105.13:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 119.10.116.144:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 185.105.12.47:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 70.113.159.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 112.120.128.254:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 116.107.21.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 38.31.41.131:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 32.17.162.110:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 40.194.184.58:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 152.171.4.146:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 98.110.13.109:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 129.20.88.218:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 177.55.147.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 157.191.136.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 60.225.237.194:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 2.233.157.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 99.58.111.27:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 58.47.35.240:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 206.142.68.151:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 89.124.220.207:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 154.0.17.168:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 110.177.55.230:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 184.158.170.59:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 143.47.221.187:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 12.173.15.30:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 88.28.62.222:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 14.40.40.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 185.137.105.234:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 18.138.153.221:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 117.148.133.153:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 155.36.78.145:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 52.52.160.58:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 121.0.184.234:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 222.210.163.141:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 45.134.210.78:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 186.237.80.11:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 160.142.246.29:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 181.91.181.10:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 217.66.41.197:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 18.210.18.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 218.6.189.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 2.55.209.12:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 65.211.129.48:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 88.127.103.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 130.124.1.188:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 181.52.22.224:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 206.50.161.165:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 178.171.184.241:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 66.8.81.54:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 209.31.106.104:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 183.49.219.209:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 86.63.56.163:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 121.21.40.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 216.180.90.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 48.231.247.213:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 8.100.178.143:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 206.39.147.98:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 153.233.141.88:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 177.61.200.168:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 80.221.167.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 147.136.221.93:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 150.171.31.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 133.32.80.4:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 40.42.185.173:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 141.183.20.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 78.247.79.190:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 36.52.47.15:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 204.235.171.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 149.170.79.105:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 146.242.203.93:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 187.196.78.145:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 153.33.126.216:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 213.13.55.246:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 175.16.150.46:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 196.207.148.175:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 189.170.255.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 194.147.170.58:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 164.78.155.50:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 17.178.31.13:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 131.31.159.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 66.206.72.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 140.143.132.193:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 97.250.64.32:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 158.85.177.172:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 157.220.134.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 204.51.236.139:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 210.41.168.166:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 48.51.249.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 118.46.63.49:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 152.150.169.185:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 209.30.178.112:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 1.115.143.126:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 53.214.17.170:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 174.245.69.78:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 83.174.41.135:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 182.193.111.16:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 209.124.128.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 165.184.139.168:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 178.181.235.120:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 24.253.119.216:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 207.220.41.83:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 40.97.129.74:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 140.57.87.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 31.204.151.140:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 139.63.119.93:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 187.24.148.71:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 35.203.169.107:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 32.161.82.11:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 12.242.91.87:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 173.5.207.137:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 119.212.71.207:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 36.43.148.215:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 74.18.243.123:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 75.72.200.111:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 81.117.248.174:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 123.8.81.142:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 105.24.215.41:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 126.32.196.152:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 193.62.245.236:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 121.107.184.159:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 45.185.51.109:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 79.99.105.104:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 221.225.142.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 17.165.137.203:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 45.167.48.42:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 95.106.45.95:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 143.49.152.131:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 42.170.230.240:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 115.158.54.178:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 165.47.50.158:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 143.252.76.91:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 79.185.82.227:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 173.119.220.9:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 175.119.62.121:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 207.253.100.33:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 71.98.27.21:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 52.144.120.68:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 58.73.38.133:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 180.145.142.236:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 4.242.156.1:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 47.156.57.176:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 17.172.240.202:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 19.40.232.24:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 218.177.215.131:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 176.92.180.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 138.173.246.235:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 40.54.250.28:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 51.80.187.217:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 100.25.22.248:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 41.100.167.252:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 88.61.191.155:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 8.47.172.114:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 83.110.233.134:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 49.156.210.60:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 125.133.67.95:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 63.169.61.92:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 185.157.123.70:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 70.18.196.187:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 77.255.24.14:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 147.204.251.81:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 194.227.74.0:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 128.195.69.76:2323
    Source: global trafficTCP traffic: 192.168.2.23:55519 -> 211.176.153.107:2323
    Source: unknown, DNS traffic detected: queries for: bots1.firewalla1337.cc
    Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: x86-20211103-0152, type: SAMPLE, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5237.1.00000000c2a55aea.00000000adfd88f2.rw-.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5237.1.000000001a887bdc.00000000531557b5.r-x.sdmp, type: MEMORY, Matched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: ELF static info symbol of initial sample, .symtab present: no
    Source: classification engine, Classification label: mal76.troj.evad.lin@0/0@1/0
    Source: x86-20211103-0152, Joe Sandbox Cloud Basic: Detection: clean Score: 0

    Hooking and other Techniques for Hiding and Protection:

    Sample deletes itself
    Source: /tmp/x86-20211103-0152 (PID: 5237), File: /tmp/x86-20211103-0152
    Uses known network protocols on non-standard ports

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match, File source: dump.pcap, type: PCAP

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match, File source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | File Deletion 1 | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud

    Malware Configuration

    No configs have been found

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label
    x86-20211103-0152 | 49% | Virustotal |
    x86-20211103-0152 | 55% | ReversingLabs | Linux.Trojan.Mirai
    x86-20211103-0152 | 100% | Joe Sandbox ML |

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    bots1.firewalla1337.cc | 107.189.1.185 | true | false | | unknown

      Contacted IPs


      Public


      Runtime Messages

      Command:/tmp/x86-20211103-0152
      Exit Code:0
      Exit Code Info:
      Killed:False
      Standard Output:
      InfectedNight did its job
      Standard Error:

      Joe Sandbox View / Context

      IPs

      Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
      213.241.87.171 | 7bkrFirKok | | malicious | |

        Domains


        ASN


        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
        Entropy (8bit):6.426601263779105
        TrID:
        • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
        • ELF Executable and Linkable format (generic) (4004/1) 49.84%
        File name:x86-20211103-0152
        File size:86800
        MD5:48bfe55d7795f2d6905c6cdbea372b9b
        SHA1:760d6b9c2779c3bb8f5eb2c8e1b95824fb8277dc
        SHA256:fa1be914982a111f999fee0ed612d94ba9d0792257ee54c41acba3c2126e35ab
        SHA512:dbf026fc8e0079a91b0829d67596b4d705e7e67ee2956a44b91a29440634c626e182f198366d9c9b4d5d93a42dcf49fb1bd25ff8aa605dfd759fbb09e29ba5dc
        SSDEEP:1536:hNw7TjznqVg1WeAvqwjP1Zr7uuInqYtHsnYkf01hwkq/rnVzWX9yX/miwwEH:fw7vzdrAvhjP1Zr7/InqYtHsnw16kErK

        Static ELF Info

        ELF header

        Class:ELF32
        Data:2's complement, little endian
        Version:1 (current)
        Machine:Intel 80386
        Version Number:0x1
        Type:EXEC (Executable file)
        OS/ABI:UNIX - System V
        ABI Version:0
        Entry Point Address:0x8048164
        Flags:0x0
        ELF Header Size:52
        Program Header Offset:52
        Program Header Size:32
        Number of Program Headers:3
        Section Header Offset:86400
        Section Header Size:40
        Number of Section Headers:10
        Header String Table Index:9

        Sections

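        Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
         | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
        .init | PROGBITS | 0x8048094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 1
        .text | PROGBITS | 0x80480b0 | 0xb0 | 0x12d06 | 0x0 | 0x6 | AX | 0 | 0 | 16
        .fini | PROGBITS | 0x805adb6 | 0x12db6 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 1
        .rodata | PROGBITS | 0x805ade0 | 0x12de0 | 0x1ba0 | 0x0 | 0x2 | A | 0 | 0 | 32
        .ctors | PROGBITS | 0x805d000 | 0x15000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
        .dtors | PROGBITS | 0x805d008 | 0x15008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
        .data | PROGBITS | 0x805d020 | 0x15020 | 0x120 | 0x0 | 0x3 | WA | 0 | 0 | 32
        .bss | NOBITS | 0x805d140 | 0x15140 | 0x840 | 0x0 | 0x3 | WA | 0 | 0 | 32
        .shstrtab | STRTAB | 0x0 | 0x15140 | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1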

        Program Segments

        Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
        LOAD | 0x0 | 0x8048000 | 0x8048000 | 0x14980 | 0x14980 | 3.9068 | 0x5 | R E | 0x1000 | | .init .text .fini .rodata
        LOAD | 0x15000 | 0x805d000 | 0x805d000 | 0x140 | 0x980 | 2.4783 | 0x6 | RW | 0x1000 | | .ctors .dtors .data .bss
        GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |

        Network Behavior

        Network Port Distribution

        TCP Packets


        DNS Queries

        | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
        |---|---|---|---|---|---|---|---|
        | Nov 3, 2021 03:27:07.472503901 CET | 192.168.2.23 | 1.1.1.1 | 0xf9bb | Standard query (0) | bots1.firewalla1337.cc | A (IP address) | IN (0x0001) |

        DNS Answers

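        | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
        |---|---|---|---|---|---|---|---|---|---|
        | Nov 3, 2021 03:27:07.490596056 CET | 1.1.1.1 | 192.168.2.23 | 0xf9bb | No error (0) | bots1.firewalla1337.cc | | 107.189.1.185 | A (IP address) | IN (0x0001) |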

        System Behavior

        General

        Start time:03:27:06
        Start date:03/11/2021
        Path:/tmp/x86-20211103-0152
        Arguments:/tmp/x86-20211103-0152
        File size:86800 bytes
        MD5 hash:48bfe55d7795f2d6905c6cdbea372b9b

        General

        Start time:03:27:06
        Start date:03/11/2021
        Path:/tmp/x86-20211103-0152
        Arguments:n/a
        File size:86800 bytes
        MD5 hash:48bfe55d7795f2d6905c6cdbea372b9b

        General

        Start time:03:27:06
        Start date:03/11/2021
        Path:/tmp/x86-20211103-0152
        Arguments:n/a
        File size:86800 bytes
        MD5 hash:48bfe55d7795f2d6905c6cdbea372b9b