Linux
Analysis Report
SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf
Overview
General Information
Sample name: | SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf |
Analysis ID: | 1528447 |
MD5: | 468e241a4d92c7b0acf08e22aeade191 |
SHA1: | aeba3559c418dd927296b60b0d7664d9454f3602 |
SHA256: | da30d60ce393511207a46b67b9af039d25cd78311b958d8745df937cbacb6328 |
Tags: | elf |
Infos: |
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Connects to many ports of the same IP (likely port scanning)
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528447 |
Start date and time: | 2024-10-07 22:48:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf |
Detection: | MAL |
Classification: | mal56.troj.spyw.evad.linELF@0/0@1/0 |
- VT rate limit hit for: SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf
Command: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf |
PID: | 6254 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Firmware update in progress |
Standard Error: |
- system is lnxubuntu20
- dash New Fork (PID: 6242, Parent: 4333)
- dash New Fork (PID: 6243, Parent: 4333)
- SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf New Fork (PID: 6256, Parent: 6254)
- SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf New Fork (PID: 6260, Parent: 6256)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 11 File Deletion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
5% | ReversingLabs | Linux.Trojan.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
iranistrash.libre | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
5.230.171.9 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.171.8 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.122.81 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.122.82 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
5.230.122.80 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
172.217.192.127 | unknown | United States | 15169 | GOOGLEUS | false |
5.230.228.46 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.23 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
94.131.118.154 | unknown | Ukraine | 29632 | NASSIST-ASGI | false |
5.230.228.44 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
5.230.229.84 | unknown | Germany | 12586 | ASGHOSTNETDE | true |
5.230.228.62 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
194.156.98.15 | unknown | Russian Federation | 135330 | ADCDATACOM-AS-APADCDATACOMHK | false |
5.230.118.247 | unknown | Germany | 12586 | ASGHOSTNETDE | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.378383995629161 |
TrID: |
|
File name: | SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf |
File size: | 92'348 bytes |
MD5: | 468e241a4d92c7b0acf08e22aeade191 |
SHA1: | aeba3559c418dd927296b60b0d7664d9454f3602 |
SHA256: | da30d60ce393511207a46b67b9af039d25cd78311b958d8745df937cbacb6328 |
SHA512: | 159105fab294c200a7a438dff1e0da6d65ea1bf232c3720bb626c7d50f3e50cdbd35df9b15a591a12d9481444103009a18c9ff84fb6aca17db59a25ea384533a |
SSDEEP: | 1536:GQkItelRcqhALNMaXes2Trdz5JHetZZsFqI6x/zgCsDX:GQrScqGMaXeDdzPLX |
TLSH: | 8393E70ABF510FB7E86FCD3749E91B05258D591A22F93F367A34E918F64B60B09D3860 |
File Content Preview: | .ELF....................`.@.4....f......4. ...(...............@...@.pV..pV...............`...`E..`E......*..........Q.td...............................<,..'!......'.......................<...'!... .........9'.. ........................<...'!............N9 |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 91868 |
Section Header Size: | 40 |
Number of Section Headers: | 12 |
Header String Table Index: | 11 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
.init | PROGBITS | 0x400094 | 0x94 | 0x8c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x400120 | 0x120 | 0x14d50 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x414e70 | 0x14e70 | 0x5c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x414ed0 | 0x14ed0 | 0x7a0 | 0x0 | 0x2 | A | 0 | 0 | 16 |
.ctors | PROGBITS | 0x456000 | 0x16000 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x456008 | 0x16008 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x456020 | 0x16020 | 0x1a8 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.got | PROGBITS | 0x4561d0 | 0x161d0 | 0x4c0 | 0x4 | 0x10000003 | WAp | 0 | 0 | 16 |
.sbss | NOBITS | 0x456690 | 0x16690 | 0x8 | 0x0 | 0x10000003 | WAp | 0 | 0 | 4 |
.bss | NOBITS | 0x4566a0 | 0x16690 | 0x2454 | 0x0 | 0x3 | WA | 0 | 0 | 16 |
.shstrtab | STRTAB | 0x0 | 0x16690 | 0x49 | 0x0 | 0x0 | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x400000 | 0x400000 | 0x15670 | 0x15670 | 5.4967 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
LOAD | 0x16000 | 0x456000 | 0x456000 | 0x690 | 0x2af4 | 3.4604 | 0x6 | RW | 0x10000 | .ctors .dtors .data .got .sbss .bss | |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 |
Oct 7, 2024 22:50:58.466147900 CEST | 37806 | 34567 | 192.168.2.23 | 5.230.118.247 |
Oct 7, 2024 22:50:58.466377974 CEST | 37806 | 34567 | 192.168.2.23 | 5.230.118.247 |
Oct 7, 2024 22:50:58.472774029 CEST | 34567 | 37806 | 5.230.118.247 | 192.168.2.23 |
Oct 7, 2024 22:51:00.306171894 CEST | 34567 | 37806 | 5.230.118.247 | 192.168.2.23 |
Oct 7, 2024 22:51:00.306984901 CEST | 37806 | 34567 | 192.168.2.23 | 5.230.118.247 |
Oct 7, 2024 22:51:00.312649012 CEST | 34567 | 37806 | 5.230.118.247 | 192.168.2.23 |
Oct 7, 2024 22:51:02.309097052 CEST | 54752 | 3074 | 192.168.2.23 | 5.230.229.84 |
Oct 7, 2024 22:51:02.314279079 CEST | 3074 | 54752 | 5.230.229.84 | 192.168.2.23 |
Oct 7, 2024 22:51:02.314388990 CEST | 54752 | 3074 | 192.168.2.23 | 5.230.229.84 |
Oct 7, 2024 22:51:02.314459085 CEST | 54752 | 3074 | 192.168.2.23 | 5.230.229.84 |
Oct 7, 2024 22:51:02.319581985 CEST | 3074 | 54752 | 5.230.229.84 | 192.168.2.23 |
Oct 7, 2024 22:51:04.476382971 CEST | 3074 | 54752 | 5.230.229.84 | 192.168.2.23 |
Oct 7, 2024 22:51:04.476686954 CEST | 54752 | 3074 | 192.168.2.23 | 5.230.229.84 |
Oct 7, 2024 22:51:04.481877089 CEST | 3074 | 54752 | 5.230.229.84 | 192.168.2.23 |
Oct 7, 2024 22:51:05.478419065 CEST | 48686 | 7000 | 192.168.2.23 | 5.230.122.80 |
Oct 7, 2024 22:51:06.235168934 CEST | 7000 | 48686 | 5.230.122.80 | 192.168.2.23 |
Oct 7, 2024 22:51:06.235373020 CEST | 48686 | 7000 | 192.168.2.23 | 5.230.122.80 |
Oct 7, 2024 22:51:06.235476971 CEST | 48686 | 7000 | 192.168.2.23 | 5.230.122.80 |
Oct 7, 2024 22:51:06.241074085 CEST | 7000 | 48686 | 5.230.122.80 | 192.168.2.23 |
Oct 7, 2024 22:51:08.444658995 CEST | 7000 | 48686 | 5.230.122.80 | 192.168.2.23 |
Oct 7, 2024 22:51:08.445375919 CEST | 48686 | 7000 | 192.168.2.23 | 5.230.122.80 |
Oct 7, 2024 22:51:08.451061010 CEST | 7000 | 48686 | 5.230.122.80 | 192.168.2.23 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 7, 2024 22:49:06.117692947 CEST | 57154 | 3478 | 192.168.2.23 | 172.217.192.127 |
Oct 7, 2024 22:49:06.666106939 CEST | 3478 | 57154 | 172.217.192.127 | 192.168.2.23 |
Oct 7, 2024 22:49:06.675726891 CEST | 59942 | 53 | 192.168.2.23 | 217.160.70.42 |
Oct 7, 2024 22:49:06.702955008 CEST | 53 | 59942 | 217.160.70.42 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 7, 2024 22:49:06.675726891 CEST | 192.168.2.23 | 217.160.70.42 | 0x5b86 | Standard query (0) | | 16 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 7, 2024 22:49:06.702955008 CEST | 217.160.70.42 | 192.168.2.23 | 0x5b86 | No error (0) | | | | TXT (Text strings) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 20:48:54 |
Start date (UTC): | 07/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 20:48:54 |
Start date (UTC): | 07/10/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.Duf7dMRnM8 /tmp/tmp.Pp0WR8WFhI /tmp/tmp.W7DJxaUg61 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 20:48:54 |
Start date (UTC): | 07/10/2024 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 20:48:54 |
Start date (UTC): | 07/10/2024 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.Duf7dMRnM8 /tmp/tmp.Pp0WR8WFhI /tmp/tmp.W7DJxaUg61 |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 20:49:02 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf |
Arguments: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 20:49:04 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf |
Arguments: | - |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |
Start time (UTC): | 20:49:05 |
Start date (UTC): | 07/10/2024 |
Path: | /tmp/SecuriteInfo.com.ELF.Mirai-CVD.12952.14309.elf |
Arguments: | - |
File size: | 5773336 bytes |
MD5 hash: | 0d6f61f82cf2f781c6eb0661071d42d9 |