Linux
Analysis Report
na.elf
Overview
General Information
Sample name: | na.elf |
Analysis ID: | 1528789 |
MD5: | 11c85865d23eaa177bf542834dd881c6 |
SHA1: | 781d12d9c15b1290198de53d5f2b91567ca88cec |
SHA256: | 0183f3e4897805961bad3ade6ed9d34b1b9a441916a5311f2cbaf6eb12527cb1 |
Tags: | elf, Mirai, user-abuse_ch |
Infos: |
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Reads system version information
Sample has stripped symbol table
Sample listens on a socket
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1528789 |
Start date and time: | 2024-10-08 10:57:36 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | na.elf |
Detection: | MAL |
Classification: | mal56.troj.linELF@0/0@47/0 |
Command: | /tmp/na.elf |
PID: | 5730 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | thIs wEek on xLaB lEarNs nOthinG xd |
Standard Error: |
- system is lnxubuntu20
- systemd New Fork (PID: 5774, Parent: 1)
- snap-failure New Fork (PID: 5787, Parent: 5774)
- snap-failure New Fork (PID: 5788, Parent: 5774)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Systemd Service | 1 Systemd Service | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
37% | ReversingLabs | Linux.Backdoor.Mirai |
14% | Virustotal | |
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
nineteen.libre | 38.60.249.66 | true | true | unknown | |
daisy.ubuntu.com | 162.213.35.24 | true | false | | unknown |
r3racegame.indy | 154.223.21.228 | true | true | unknown | |
eighteen.pirate | 38.60.249.66 | true | true | unknown | |
kr3ddnsnet1.indy | 154.223.21.228 | true | true | unknown | |
kr2ddnsnet.dyn | 154.90.62.142 | true | true | | unknown |
imaverygoodbadboy.libre | 154.205.144.234 | true | true | unknown | |
subcarrace.indy | 154.223.21.228 | true | true | unknown | |
nineteen.libre. [malformed] | unknown | unknown | true | unknown | |
imaverygoodbadboy.libre. [malformed] | unknown | unknown | true | unknown | |
fortyfivehundred.dyn. [malformed] | unknown | unknown | true | unknown | |
kr3ddnsnet1.indy. [malformed] | unknown | unknown | true | unknown | |
75cents.libre. [malformed] | unknown | unknown | true | unknown | |
2joints.libre. [malformed] | unknown | unknown | true | unknown | |
kr2ddnsnet.dyn. [malformed] | unknown | unknown | true | unknown | |
r3racegame.indy. [malformed] | unknown | unknown | true | unknown | |
fortyfivehundred.dyn | unknown | unknown | true | unknown | |
krddnsnet.dyn. [malformed] | unknown | unknown | true | unknown | |
21savage.dyn. [malformed] | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
154.205.144.234 | imaverygoodbadboy.libre | Seychelles | 26484 | IKGUL-26484US | true |
154.90.62.142 | kr2ddnsnet.dyn | Seychelles | 40065 | CNSERVERSUS | true |
154.223.21.228 | r3racegame.indy | Seychelles | 134705 | ITACE-AS-APItaceInternationalLimitedHK | true |
38.60.249.66 | nineteen.libre | United States | 174 | COGENT-174US | true |
Match | Detection | Threat Name |
---|---|---|
154.90.62.142 | malicious | Unknown |
154.90.62.142 | malicious | Unknown |
154.90.62.142 | malicious | Unknown |
154.90.62.142 | malicious | Unknown |
154.90.62.142 | malicious | Unknown |
154.223.21.228 | malicious | Unknown |
154.223.21.228 | malicious | Unknown |
154.223.21.228 | malicious | Unknown |
38.60.249.66 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
nineteen.libre | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
daisy.ubuntu.com | malicious | Unknown |
kr3ddnsnet1.indy | malicious | Unknown |
kr3ddnsnet1.indy | malicious | Unknown |
eighteen.pirate | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
IKGUL-26484US | malicious | Mirai |
IKGUL-26484US | malicious | FormBook |
IKGUL-26484US | malicious | Mirai |
IKGUL-26484US | malicious | Mirai |
IKGUL-26484US | malicious | Mirai |
IKGUL-26484US | malicious | Mirai |
IKGUL-26484US | malicious | Mirai |
IKGUL-26484US | malicious | Mirai |
IKGUL-26484US | malicious | Mirai |
IKGUL-26484US | malicious | FormBook |
CNSERVERSUS | malicious | Unknown |
CNSERVERSUS | malicious | Unknown |
CNSERVERSUS | malicious | Mirai |
CNSERVERSUS | malicious | FormBook |
CNSERVERSUS | malicious | Mirai |
CNSERVERSUS | malicious | FormBook |
CNSERVERSUS | malicious | Unknown |
CNSERVERSUS | malicious | Unknown |
CNSERVERSUS | malicious | Unknown |
CNSERVERSUS | malicious | Mirai |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Unknown |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Unknown |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Unknown |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Unknown |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Mirai |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Mirai |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Unknown |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Mirai |
ITACE-AS-APItaceInternationalLimitedHK | malicious | Phisher |
ITACE-AS-APItaceInternationalLimitedHK | malicious | BlackMoon |
⊘No context
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.985730285835167 |
TrID: | |
File name: | na.elf |
File size: | 72'256 bytes |
MD5: | 11c85865d23eaa177bf542834dd881c6 |
SHA1: | 781d12d9c15b1290198de53d5f2b91567ca88cec |
SHA256: | 0183f3e4897805961bad3ade6ed9d34b1b9a441916a5311f2cbaf6eb12527cb1 |
SHA512: | e062731acb5f2b0829bea8c5a16bb56e16ef10aa059a3247704dada711f74bef1b1866479b7536ac88997128dbb0bc84a8f1c453ce10962feab883e1e5be048b |
SSDEEP: | 1536:4kn1ERPL58ctQcXARyEAcRjFKiT/ztsQcpWHl2Di7kgKR:dEPL58ctXAZ9UiT/ztsQ6Wkgy |
TLSH: | AD631849F9819F15D9D522BEFE0E018D33636B6CE3EE7212DD205F2527CA95B0A77802 |
File Content Preview: | .ELF..............(.........4...........4. ...(........p............................................................................t...hs..........................................Q.td..................................-...L..................@-.,@...0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 5 |
Section Header Offset: | 71656 |
Section Header Size: | 40 |
Number of Section Headers: | 15 |
Header String Table Index: | 14 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x80d4 | 0xd4 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80f0 | 0xf0 | 0x107c8 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x188b8 | 0x108b8 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x188c8 | 0x108c8 | 0xa08 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.extab | PROGBITS | 0x192d0 | 0x112d0 | 0x18 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.exidx | ARM_EXIDX | 0x192e8 | 0x112e8 | 0x118 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
.eh_frame | PROGBITS | 0x21400 | 0x11400 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.tbss | NOBITS | 0x21404 | 0x11404 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
.init_array | INIT_ARRAY | 0x21404 | 0x11404 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.fini_array | FINI_ARRAY | 0x21408 | 0x11408 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.got | PROGBITS | 0x21410 | 0x11410 | 0xa8 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x214b8 | 0x114b8 | 0x2bc | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x21774 | 0x11774 | 0x6ff4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x11774 | 0x73 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
EXIDX | 0x112e8 | 0x192e8 | 0x192e8 | 0x118 | 0x118 | 4.4270 | 0x4 | R | 0x4 | | .ARM.exidx |
LOAD | 0x0 | 0x8000 | 0x8000 | 0x11400 | 0x11400 | 6.0009 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata .ARM.extab .ARM.exidx |
LOAD | 0x11400 | 0x21400 | 0x21400 | 0x374 | 0x7368 | 4.3521 | 0x6 | RW | 0x8000 | | .eh_frame .tbss .init_array .fini_array .got .data .bss |
TLS | 0x11404 | 0x21404 | 0x21404 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Oct 8, 2024 11:01:33.912195921 CEST | 38396 | 5353 | 192.168.2.13 | 116.203.104.203 |
Oct 8, 2024 11:01:38.919152975 CEST | 36585 | 53 | 192.168.2.13 | 192.3.165.37 |
Oct 8, 2024 11:01:39.017618895 CEST | 53 | 36585 | 192.3.165.37 | 192.168.2.13 |
Oct 8, 2024 11:01:39.019489050 CEST | 36677 | 53 | 192.168.2.13 | 54.36.111.116 |
Oct 8, 2024 11:01:39.026046991 CEST | 47517 | 53 | 192.168.2.13 | 192.3.165.37 |
Oct 8, 2024 11:01:39.134597063 CEST | 53 | 47517 | 192.3.165.37 | 192.168.2.13 |
Oct 8, 2024 11:01:40.149669886 CEST | 46446 | 5353 | 192.168.2.13 | 130.61.64.122 |
Oct 8, 2024 11:01:45.156666994 CEST | 33822 | 53 | 192.168.2.13 | 116.203.104.203 |
Oct 8, 2024 11:01:45.658046961 CEST | 53 | 33822 | 116.203.104.203 | 192.168.2.13 |
Oct 8, 2024 11:01:45.659157038 CEST | 55330 | 5353 | 192.168.2.13 | 192.3.165.37 |
Oct 8, 2024 11:01:50.662601948 CEST | 41981 | 5353 | 192.168.2.13 | 130.61.69.123 |
Oct 8, 2024 11:01:55.669256926 CEST | 54610 | 5353 | 192.168.2.13 | 130.61.69.123 |
Oct 8, 2024 11:01:57.406469107 CEST | 59279 | 53 | 192.168.2.13 | 1.1.1.1 |
Oct 8, 2024 11:01:57.414047003 CEST | 53 | 59279 | 1.1.1.1 | 192.168.2.13 |
Oct 8, 2024 11:01:57.416881084 CEST | 46446 | 53 | 192.168.2.13 | 1.1.1.1 |
Oct 8, 2024 11:01:57.424880981 CEST | 53 | 46446 | 1.1.1.1 | 192.168.2.13 |
Oct 8, 2024 11:02:00.674654961 CEST | 58335 | 5353 | 192.168.2.13 | 162.243.19.47 |
Oct 8, 2024 11:02:05.678989887 CEST | 43138 | 5353 | 192.168.2.13 | 130.61.69.123 |
Oct 8, 2024 11:02:10.686239004 CEST | 41769 | 5353 | 192.168.2.13 | 130.61.64.122 |
Oct 8, 2024 11:02:15.690776110 CEST | 58813 | 53 | 192.168.2.13 | 185.84.81.194 |
Oct 8, 2024 11:02:15.701101065 CEST | 53 | 58813 | 185.84.81.194 | 192.168.2.13 |
Oct 8, 2024 11:02:16.717972040 CEST | 56449 | 5353 | 192.168.2.13 | 130.61.64.122 |
Oct 8, 2024 11:02:21.723447084 CEST | 33927 | 53 | 192.168.2.13 | 192.3.165.37 |
Oct 8, 2024 11:02:21.823518991 CEST | 53 | 33927 | 192.3.165.37 | 192.168.2.13 |
Oct 8, 2024 11:02:21.825352907 CEST | 40507 | 53 | 192.168.2.13 | 130.61.64.122 |
Oct 8, 2024 11:02:21.832218885 CEST | 53 | 40507 | 130.61.64.122 | 192.168.2.13 |
Oct 8, 2024 11:02:22.846743107 CEST | 39442 | 53 | 192.168.2.13 | 116.203.104.203 |
Oct 8, 2024 11:02:22.857048035 CEST | 53 | 39442 | 116.203.104.203 | 192.168.2.13 |
Oct 8, 2024 11:02:22.858402967 CEST | 38321 | 5353 | 192.168.2.13 | 161.97.219.84 |
Oct 8, 2024 11:02:27.861294031 CEST | 55252 | 5353 | 192.168.2.13 | 63.231.92.27 |
Oct 8, 2024 11:02:32.868252993 CEST | 44284 | 53 | 192.168.2.13 | 116.203.104.203 |
Oct 8, 2024 11:02:33.156251907 CEST | 53 | 44284 | 116.203.104.203 | 192.168.2.13 |
Oct 8, 2024 11:02:34.173991919 CEST | 41495 | 53 | 192.168.2.13 | 130.61.69.123 |
Oct 8, 2024 11:02:34.181627035 CEST | 53 | 41495 | 130.61.69.123 | 192.168.2.13 |
Oct 8, 2024 11:02:34.183274031 CEST | 38886 | 5353 | 192.168.2.13 | 185.84.81.194 |
Oct 8, 2024 11:02:39.190208912 CEST | 52339 | 5353 | 192.168.2.13 | 54.36.111.116 |
Oct 8, 2024 11:02:44.195240974 CEST | 34580 | 53 | 192.168.2.13 | 161.97.219.84 |
Oct 8, 2024 11:02:44.380104065 CEST | 53 | 34580 | 161.97.219.84 | 192.168.2.13 |
Oct 8, 2024 11:02:44.381880999 CEST | 54405 | 53 | 192.168.2.13 | 192.3.165.37 |
Oct 8, 2024 11:02:44.481692076 CEST | 53 | 54405 | 192.3.165.37 | 192.168.2.13 |
Oct 8, 2024 11:02:44.482814074 CEST | 47396 | 5353 | 192.168.2.13 | 185.84.81.194 |
Oct 8, 2024 11:02:49.487138987 CEST | 60100 | 53 | 192.168.2.13 | 130.61.69.123 |
Oct 8, 2024 11:02:49.494661093 CEST | 53 | 60100 | 130.61.69.123 | 192.168.2.13 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Oct 8, 2024 11:00:21.757155895 CEST | 54.36.111.116 | 192.168.2.13 | 6584 | (Port unreachable) | Destination Unreachable |
Oct 8, 2024 11:01:39.024661064 CEST | 54.36.111.116 | 192.168.2.13 | 6584 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
System Behavior
Start time (UTC): | 08:59:13 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | /tmp/na.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 08:59:14 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 08:59:14 |
Start date (UTC): | 08/10/2024 |
Path: | /tmp/na.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 08:59:51 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/systemd/systemd |
Arguments: | - |
File size: | 1620224 bytes |
MD5 hash: | 9b2bec7092a40488108543f9334aab75 |
Start time (UTC): | 08:59:51 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/snapd/snap-failure |
Arguments: | /usr/lib/snapd/snap-failure snapd |
File size: | 4764904 bytes |
MD5 hash: | 69136a7d575731ce62349f2e4d3e5c36 |
Start time (UTC): | 08:59:51 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/snapd/snap-failure |
Arguments: | - |
File size: | 4764904 bytes |
MD5 hash: | 69136a7d575731ce62349f2e4d3e5c36 |
Start time (UTC): | 08:59:51 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/bin/systemctl |
Arguments: | systemctl stop snapd.socket |
File size: | 996584 bytes |
MD5 hash: | 4deddfb6741481f68aeac522cc26ff4b |
Start time (UTC): | 08:59:51 |
Start date (UTC): | 08/10/2024 |
Path: | /usr/lib/snapd/snap-failure |
Arguments: | - |
File size: | 4764904 bytes |
MD5 hash: | 69136a7d575731ce62349f2e4d3e5c36 |