Analysis Overview
SHA256
b6538d6af7fc74e1f6d2d49177df9d83debbf5972f485812f5811920fd86ca11
Threat Level: Known bad
The file x86_64(1) was found to be: Known bad.
Malicious Activity Summary
Mirai family
Deletes Audit logs
Deletes journal logs
Deletes itself
Deletes system logs
Modifies Watchdog functionality
Deletes log files
Enumerates running processes
Changes its process name
Reads CPU attributes
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-26 21:32
Signatures
Mirai family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-26 21:32
Reported
2024-04-26 21:42
Platform
ubuntu1804-amd64-20240418-en
Max time kernel
599s
Max time network
598s
Command Line
Signatures
Deletes Audit logs
| Description | Indicator | Process | Target |
| File deleted | /var/log/audit/audit.log | /tmp/x86_64(1) | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/x86_64(1) | N/A |
Deletes journal logs
| Description | Indicator | Process | Target |
| File deleted | /var/log/journal/11c67417355f45d397f6be11f62e85a6/system.journal | /tmp/x86_64(1) | N/A |
Deletes system logs
| Description | Indicator | Process | Target |
| File deleted | /var/log/syslog | /tmp/x86_64(1) | N/A |
Modifies Watchdog functionality
| Description | Indicator | Process | Target |
| File opened for modification | /dev/watchdog | /tmp/x86_64(1) | N/A |
| File opened for modification | /dev/misc/watchdog | /tmp/x86_64(1) | N/A |
Deletes log files
| Description | Indicator | Process | Target |
| File deleted | /var/log/cups/error_log | /tmp/x86_64(1) | N/A |
Enumerates running processes
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | ebualweajs4c8e64s2f8jbs8lqfd | /tmp/x86_64(1) | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/9/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1141/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/183/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1314/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/11/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/178/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1129/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/7401/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/1105/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/958/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/4599/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/89/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/184/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/213/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1548/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/8/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/10/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/176/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/734/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1543/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1535/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/14/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1141/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/1/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/10/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/481/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1125/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/8153/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/183/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/610/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/966/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1528/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/19/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1178/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1191/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1204/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1541/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/21/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/98/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/188/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/188/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1178/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1288/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1160/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/20/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/664/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/672/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1137/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/7/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/178/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1133/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1512/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/175/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/14/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/2455/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/6424/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/184/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1133/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1201/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/1201/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/2879/cmdline | /tmp/x86_64(1) | N/A |
| File opened for reading | /proc/83/status | /usr/bin/pkill | N/A |
| File opened for reading | /proc/115/cmdline | /usr/bin/pkill | N/A |
| File opened for reading | /proc/185/status | /usr/bin/pkill | N/A |
Processes
/tmp/x86_64(1)
[/tmp/x86_64(1)]
/usr/local/sbin/pkill
[pkill wireshark]
/usr/local/bin/pkill
[pkill wireshark]
/usr/sbin/pkill
[pkill wireshark]
/usr/bin/pkill
[pkill wireshark]
/usr/local/sbin/pkill
[pkill tshark]
/usr/local/sbin/pkill
[pkill ettercap]
/usr/local/sbin/pkill
[pkill dsniff]
/usr/local/sbin/pkill
[pkill ngrep]
/usr/local/bin/pkill
[pkill ngrep]
/usr/sbin/pkill
[pkill ngrep]
/usr/local/sbin/pkill
[pkill tcpflow]
/usr/local/sbin/pkill
[pkill windump]
/usr/bin/pkill
[pkill ngrep]
/usr/local/sbin/pkill
[pkill netsniff-ng]
/usr/local/sbin/pkill
[pkill dumpcap]
/usr/local/bin/pkill
[pkill dumpcap]
/usr/sbin/pkill
[pkill dumpcap]
/usr/local/bin/pkill
[pkill ettercap]
/usr/bin/pkill
[pkill dumpcap]
/usr/local/bin/pkill
[pkill tshark]
/usr/local/sbin/pkill
[pkill tcpdump]
/usr/sbin/pkill
[pkill ettercap]
/usr/sbin/pkill
[pkill tshark]
/usr/bin/pkill
[pkill ettercap]
/usr/local/bin/pkill
[pkill tcpdump]
/usr/bin/pkill
[pkill tshark]
/usr/sbin/pkill
[pkill tcpdump]
/usr/bin/pkill
[pkill tcpdump]
/usr/local/bin/pkill
[pkill dsniff]
/usr/sbin/pkill
[pkill dsniff]
/usr/bin/pkill
[pkill dsniff]
/usr/local/bin/pkill
[pkill tcpflow]
/usr/local/bin/pkill
[pkill windump]
/usr/local/bin/pkill
[pkill netsniff-ng]
/usr/sbin/pkill
[pkill tcpflow]
/usr/sbin/pkill
[pkill windump]
/usr/sbin/pkill
[pkill netsniff-ng]
/usr/bin/pkill
[pkill tcpflow]
/usr/bin/pkill
[pkill windump]
/usr/bin/pkill
[pkill netsniff-ng]
/usr/local/sbin/rm
[rm -rf /usr/bin/ettercap]
/usr/local/bin/rm
[rm -rf /usr/bin/ettercap]
/usr/sbin/rm
[rm -rf /usr/bin/ettercap]
/usr/bin/rm
[rm -rf /usr/bin/ettercap]
/sbin/rm
[rm -rf /usr/bin/ettercap]
/bin/rm
[rm -rf /usr/bin/ettercap]
/usr/local/sbin/rm
[rm -rf /usr/bin/dsniff]
/usr/local/bin/rm
[rm -rf /usr/bin/dsniff]
/usr/sbin/rm
[rm -rf /usr/bin/dsniff]
/usr/bin/rm
[rm -rf /usr/bin/dsniff]
/sbin/rm
[rm -rf /usr/bin/dsniff]
/bin/rm
[rm -rf /usr/bin/dsniff]
/usr/local/sbin/rm
[rm -rf /usr/bin/ngrep]
/usr/local/bin/rm
[rm -rf /usr/bin/ngrep]
/usr/sbin/rm
[rm -rf /usr/bin/ngrep]
/usr/bin/rm
[rm -rf /usr/bin/ngrep]
/sbin/rm
[rm -rf /usr/bin/ngrep]
/bin/rm
[rm -rf /usr/bin/ngrep]
/usr/local/sbin/rm
[rm -rf /usr/bin/tcpflow]
/usr/local/bin/rm
[rm -rf /usr/bin/tcpflow]
/usr/sbin/rm
[rm -rf /usr/bin/tcpflow]
/usr/bin/rm
[rm -rf /usr/bin/tcpflow]
/sbin/rm
[rm -rf /usr/bin/tcpflow]
/bin/rm
[rm -rf /usr/bin/tcpflow]
/usr/local/sbin/rm
[rm -rf /usr/bin/netsniff-ng]
/usr/local/bin/rm
[rm -rf /usr/bin/netsniff-ng]
/usr/sbin/rm
[rm -rf /usr/bin/netsniff-ng]
/usr/bin/rm
[rm -rf /usr/bin/netsniff-ng]
/sbin/rm
[rm -rf /usr/bin/netsniff-ng]
/bin/rm
[rm -rf /usr/bin/netsniff-ng]
/usr/local/sbin/rm
[rm -rf /usr/sbin/ngrep]
/usr/local/bin/rm
[rm -rf /usr/sbin/ngrep]
/usr/sbin/rm
[rm -rf /usr/sbin/ngrep]
/usr/bin/rm
[rm -rf /usr/sbin/ngrep]
/sbin/rm
[rm -rf /usr/sbin/ngrep]
/bin/rm
[rm -rf /usr/sbin/ngrep]
/usr/local/sbin/rm
[rm -rf /usr/sbin/tcpflow]
/usr/local/bin/rm
[rm -rf /usr/sbin/tcpflow]
/usr/sbin/rm
[rm -rf /usr/sbin/tcpflow]
/usr/bin/rm
[rm -rf /usr/sbin/tcpflow]
/sbin/rm
[rm -rf /usr/sbin/tcpflow]
/bin/rm
[rm -rf /usr/sbin/tcpflow]
/usr/local/sbin/rm
[rm -rf /usr/sbin/windump]
/usr/local/bin/rm
[rm -rf /usr/sbin/windump]
/usr/sbin/rm
[rm -rf /usr/sbin/windump]
/usr/bin/rm
[rm -rf /usr/sbin/windump]
/sbin/rm
[rm -rf /usr/sbin/windump]
/bin/rm
[rm -rf /usr/sbin/windump]
/usr/local/sbin/rm
[rm -rf /usr/sbin/netsniff-ng]
/usr/local/bin/rm
[rm -rf /usr/sbin/netsniff-ng]
/usr/sbin/rm
[rm -rf /usr/sbin/netsniff-ng]
/usr/bin/rm
[rm -rf /usr/sbin/netsniff-ng]
/sbin/rm
[rm -rf /usr/sbin/netsniff-ng]
/bin/rm
[rm -rf /usr/sbin/netsniff-ng]
/usr/local/sbin/rm
[rm -rf /usr/bin/tcpdump]
/usr/local/sbin/rm
[rm -rf /usr/bin/tshark]
/usr/local/sbin/rm
[rm -rf /usr/bin/wireshark]
/usr/local/sbin/rm
[rm -rf /usr/bin/dumpcap]
/usr/local/sbin/rm
[rm -rf /usr/bin/windump]
/usr/local/bin/rm
[rm -rf /usr/bin/dumpcap]
/usr/local/bin/rm
[rm -rf /usr/bin/windump]
/usr/local/bin/rm
[rm -rf /usr/bin/tcpdump]
/usr/local/bin/rm
[rm -rf /usr/bin/wireshark]
/usr/local/bin/rm
[rm -rf /usr/bin/tshark]
/usr/sbin/rm
[rm -rf /usr/bin/dumpcap]
/usr/sbin/rm
[rm -rf /usr/bin/windump]
/usr/sbin/rm
[rm -rf /usr/bin/tcpdump]
/usr/sbin/rm
[rm -rf /usr/bin/wireshark]
/usr/sbin/rm
[rm -rf /usr/bin/tshark]
/usr/local/sbin/rm
[rm -rf /usr/sbin/dsniff]
/usr/bin/rm
[rm -rf /usr/bin/windump]
/usr/bin/rm
[rm -rf /usr/bin/dumpcap]
/usr/bin/rm
[rm -rf /usr/bin/tcpdump]
/usr/bin/rm
[rm -rf /usr/bin/wireshark]
/usr/bin/rm
[rm -rf /usr/bin/tshark]
/sbin/rm
[rm -rf /usr/bin/windump]
/sbin/rm
[rm -rf /usr/bin/dumpcap]
/sbin/rm
[rm -rf /usr/bin/tcpdump]
/sbin/rm
[rm -rf /usr/bin/wireshark]
/sbin/rm
[rm -rf /usr/bin/tshark]
/usr/local/bin/rm
[rm -rf /usr/sbin/dsniff]
/bin/rm
[rm -rf /usr/bin/windump]
/bin/rm
[rm -rf /usr/bin/dumpcap]
/bin/rm
[rm -rf /usr/bin/tcpdump]
/bin/rm
[rm -rf /usr/bin/wireshark]
/bin/rm
[rm -rf /usr/bin/tshark]
/usr/sbin/rm
[rm -rf /usr/sbin/dsniff]
/usr/bin/rm
[rm -rf /usr/sbin/dsniff]
/usr/local/sbin/rm
[rm -rf /usr/sbin/ettercap]
/sbin/rm
[rm -rf /usr/sbin/dsniff]
/bin/rm
[rm -rf /usr/sbin/dsniff]
/usr/local/bin/rm
[rm -rf /usr/sbin/ettercap]
/usr/sbin/rm
[rm -rf /usr/sbin/ettercap]
/usr/bin/rm
[rm -rf /usr/sbin/ettercap]
/sbin/rm
[rm -rf /usr/sbin/ettercap]
/bin/rm
[rm -rf /usr/sbin/ettercap]
/usr/local/sbin/rm
[rm -rf /usr/sbin/dumpcap]
/usr/local/bin/rm
[rm -rf /usr/sbin/dumpcap]
/usr/sbin/rm
[rm -rf /usr/sbin/dumpcap]
/usr/bin/rm
[rm -rf /usr/sbin/dumpcap]
/sbin/rm
[rm -rf /usr/sbin/dumpcap]
/bin/rm
[rm -rf /usr/sbin/dumpcap]
/usr/local/sbin/rm
[rm -rf /usr/sbin/wireshark]
/usr/local/bin/rm
[rm -rf /usr/sbin/wireshark]
/usr/sbin/rm
[rm -rf /usr/sbin/wireshark]
/usr/bin/rm
[rm -rf /usr/sbin/wireshark]
/sbin/rm
[rm -rf /usr/sbin/wireshark]
/bin/rm
[rm -rf /usr/sbin/wireshark]
/usr/local/sbin/rm
[rm -rf /usr/sbin/tshark]
/usr/local/bin/rm
[rm -rf /usr/sbin/tshark]
/usr/sbin/rm
[rm -rf /usr/sbin/tshark]
/usr/bin/rm
[rm -rf /usr/sbin/tshark]
/sbin/rm
[rm -rf /usr/sbin/tshark]
/bin/rm
[rm -rf /usr/sbin/tshark]
/usr/local/sbin/rm
[rm -rf /usr/sbin/tcpdump]
/usr/local/bin/rm
[rm -rf /usr/sbin/tcpdump]
/usr/sbin/rm
[rm -rf /usr/sbin/tcpdump]
/usr/bin/rm
[rm -rf /usr/sbin/tcpdump]
/sbin/rm
[rm -rf /usr/sbin/tcpdump]
/bin/rm
[rm -rf /usr/sbin/tcpdump]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 151.101.194.49:443 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| GB | 89.187.167.3:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 151.101.65.91:443 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 151.101.193.91:443 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 151.101.129.91:443 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 151.101.1.91:443 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 104.168.45.11:7722 | tcp | |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |
| US | 1.1.1.1:53 | tcpdown.su | udp |