Linux
Analysis Report
sync.arm7.elf
Overview
General Information
Sample name: | sync.arm7.elf |
Analysis ID: | 1637902 |
MD5: | 8a6109d58a08dd6e18e72999fdea5e7e |
SHA1: | e33eb5d16a428ef6693aba34336ffa43a800b644 |
SHA256: | 597e16b001de0eefc8eee2ebcfb53e6c670f94c4fdc42ded8f5e42d7ec25c76b |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Score: | 72 |
Range: | 0 - 100 |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample has stripped symbol table
Sleeps for long times indicative of sandbox evasion
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1637902 |
Start date and time: | 2025-03-14 01:47:23 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | sync.arm7.elf |
Detection: | MAL |
Classification: | mal72.evad.linELF@0/0@54/0 |
- VT rate limit hit for: dnsresolve.socialgains.cf
Command: | /tmp/sync.arm7.elf |
PID: | 6271 |
Exit Code: | 1 |
Exit Code Info: | |
Killed: | False |
Standard Output: | Infect |
Standard Error: |
- system is lnxubuntu20
- sync.arm7.elf New Fork (PID: 6273, Parent: 6271)
- sync.arm7.elf New Fork (PID: 6275, Parent: 6273)
- dash New Fork (PID: 6282, Parent: 4331)
- dash New Fork (PID: 6283, Parent: 4331)
- cleanup
⊘No yara matches
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-14T01:49:20.682155+0100 | 2013514 | 1 | A Network Trojan was detected | 192.168.2.23 | 60647 | 8.8.8.8 | 53 | UDP |
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Networking |
---|
Source: | Suricata IDS: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | .symtab present: |
Source: | Classification label: |
Source: | Rm executable: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File: | Jump to behavior |
Source: | Sleeps longer than 60s: | Jump to behavior |
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | DNS traffic detected: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 File Deletion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
45% | Virustotal | |
61% | ReversingLabs | Linux.Backdoor.Mirai |
100% | Avira | ANDROID/AVE.Agent.xdjci |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dnsresolve.socialgains.cf | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
34.249.145.219 | unknown | United States | 16509 | AMAZON-02US | false |
142.44.232.40 | unknown | Canada | 16276 | OVHFR | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
34.249.145.219 | Get hash | malicious | Prometei | Browse | ||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
109.202.202.202 | Get hash | malicious | Unknown | Browse |
91.189.91.42 | Get hash | malicious | Prometei | Browse | ||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Prometei | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai, Okiru | Browse | |||
Get hash | malicious | Gafgyt, Mirai, Okiru | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CANONICAL-ASGB | Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
INIT7CH | Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Mirai | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Mirai, Okiru | Browse |
Get hash | malicious | Gafgyt, Mirai, Okiru | Browse |
AMAZON-02US | Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Prometei | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
OVHFR | Get hash | malicious | XWorm | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | FormBook | Browse |
Get hash | malicious | CAPTCHA Scam ClickFix | Browse |
Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.09255647319265 |
TrID: |
|
File name: | sync.arm7.elf |
File size: | 87'572 bytes |
MD5: | 8a6109d58a08dd6e18e72999fdea5e7e |
SHA1: | e33eb5d16a428ef6693aba34336ffa43a800b644 |
SHA256: | 597e16b001de0eefc8eee2ebcfb53e6c670f94c4fdc42ded8f5e42d7ec25c76b |
SHA512: | 673737b695986faa4104aadb40771c3f01c1278863510f96fda741dd6be4fff1757b1d370e03760979980652f80d3f59c5df37d1305b6b9302ab514efabd58d1 |
SSDEEP: | 1536:/An2B7KrKPKwKKKuK1xbCTkwImwSIgcp7MawRNLm5S/dlj3iall/nh6Y79a5f:57KrKPKwKKKuK1gImrIT7MawRNLmUHl+ |
TLSH: | 3D83394AF8816B11D4D526BEFE0E1289335347BDE3EE7112DE244B2037DAA6B0F76512 |
File Content Preview: | .ELF..............(.........4....S......4. ...(........pPM..P...P...................................hN..hN...............P...P...P..H....................P...P...P..................Q.td..................................-...L..................@-.,@...0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 5 |
Section Header Offset: | 86972 |
Section Header Size: | 40 |
Number of Section Headers: | 15 |
Header String Table Index: | 14 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
| | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x80d4 | 0xd4 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80f0 | 0xf0 | 0x130e0 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x1b1d0 | 0x131d0 | 0x10 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x1b1e0 | 0x131e0 | 0x1b58 | 0x0 | 0x2 | A | 0 | 0 | 8 |
.ARM.extab | PROGBITS | 0x1cd38 | 0x14d38 | 0x18 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ARM.exidx | ARM_EXIDX | 0x1cd50 | 0x14d50 | 0x118 | 0x0 | 0x82 | AL | 2 | 0 | 4 |
.eh_frame | PROGBITS | 0x25000 | 0x15000 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.tbss | NOBITS | 0x25004 | 0x15004 | 0x8 | 0x0 | 0x403 | WAT | 0 | 0 | 4 |
.init_array | INIT_ARRAY | 0x25004 | 0x15004 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.fini_array | FINI_ARRAY | 0x25008 | 0x15008 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.got | PROGBITS | 0x25010 | 0x15010 | 0xa8 | 0x4 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x250b8 | 0x150b8 | 0x290 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x25348 | 0x15348 | 0xb094 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0x15348 | 0x73 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
EXIDX | 0x14d50 | 0x1cd50 | 0x1cd50 | 0x118 | 0x118 | 4.5184 | 0x4 | R | 0x4 | | .ARM.exidx |
LOAD | 0x0 | 0x8000 | 0x8000 | 0x14e68 | 0x14e68 | 6.1233 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata .ARM.extab .ARM.exidx |
LOAD | 0x15000 | 0x25000 | 0x25000 | 0x348 | 0xb3dc | 4.7415 | 0x6 | RW | 0x8000 | | .eh_frame .tbss .init_array .fini_array .got .data .bss |
TLS | 0x15004 | 0x25004 | 0x25004 | 0x0 | 0x8 | 0.0000 | 0x4 | R | 0x4 | | .tbss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-14T01:49:20.682155+0100 | 2013514 | ET MALWARE Potential DNS Command and Control via TXT queries | 1 | 192.168.2.23 | 60647 | 8.8.8.8 | 53 | UDP |
- Total Packets: 71
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 14, 2025 01:48:39.246177912 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 14, 2025 01:48:51.820359945 CET | 443 | 39256 | 34.249.145.219 | 192.168.2.23 |
Mar 14, 2025 01:48:51.820664883 CET | 39256 | 443 | 192.168.2.23 | 34.249.145.219 |
Mar 14, 2025 01:48:51.825330973 CET | 443 | 39256 | 34.249.145.219 | 192.168.2.23 |
Mar 14, 2025 01:48:54.996675014 CET | 55782 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:48:55.001435041 CET | 61003 | 55782 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:48:55.001497030 CET | 55782 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:48:55.001600981 CET | 55782 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:48:55.006275892 CET | 61003 | 55782 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:48:55.627985001 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Mar 14, 2025 01:48:59.723351002 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 14, 2025 01:49:16.379539013 CET | 61003 | 55782 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:49:16.380043030 CET | 55782 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:49:16.384747982 CET | 61003 | 55782 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:49:33.292141914 CET | 55784 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:49:33.297003984 CET | 61003 | 55784 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:49:33.297136068 CET | 55784 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:49:33.297136068 CET | 55784 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:49:33.301815987 CET | 61003 | 55784 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:49:40.677731037 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 14, 2025 01:49:54.679085970 CET | 61003 | 55784 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:49:54.679287910 CET | 55784 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:49:54.684067011 CET | 61003 | 55784 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:50:11.527545929 CET | 55786 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:50:11.532357931 CET | 61003 | 55786 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:50:11.532423019 CET | 55786 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:50:11.532449007 CET | 55786 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:50:11.537201881 CET | 61003 | 55786 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:50:32.916548967 CET | 61003 | 55786 | 142.44.232.40 | 192.168.2.23 |
Mar 14, 2025 01:50:32.917330027 CET | 55786 | 61003 | 192.168.2.23 | 142.44.232.40 |
Mar 14, 2025 01:50:32.922055006 CET | 61003 | 55786 | 142.44.232.40 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 14, 2025 01:48:39.134820938 CET | 192.168.2.23 | 1.0.0.1 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:40.239078045 CET | 192.168.2.23 | 8.8.8.8 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:41.256154060 CET | 192.168.2.23 | 1.0.0.1 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:42.283035994 CET | 192.168.2.23 | 1.0.0.1 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:43.417748928 CET | 192.168.2.23 | 8.8.4.4 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:44.446897984 CET | 192.168.2.23 | 8.8.4.4 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:45.464740992 CET | 192.168.2.23 | 8.8.8.8 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:46.481627941 CET | 192.168.2.23 | 1.1.1.1 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:47.507992029 CET | 192.168.2.23 | 1.0.0.1 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:48.648840904 CET | 192.168.2.23 | 1.1.1.1 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:49.675889015 CET | 192.168.2.23 | 1.1.1.1 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:50.780131102 CET | 192.168.2.23 | 8.8.8.8 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:51.796993017 CET | 192.168.2.23 | 8.8.4.4 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:52.829308987 CET | 192.168.2.23 | 8.8.4.4 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:53.858429909 CET | 192.168.2.23 | 1.0.0.1 | 0xd490 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:17.382390022 CET | 192.168.2.23 | 1.0.0.1 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:18.408164978 CET | 192.168.2.23 | 1.0.0.1 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:19.547591925 CET | 192.168.2.23 | 1.0.0.1 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:20.682154894 CET | 192.168.2.23 | 8.8.8.8 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:21.698385000 CET | 192.168.2.23 | 1.1.1.1 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:22.802974939 CET | 192.168.2.23 | 1.1.1.1 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:23.828758001 CET | 192.168.2.23 | 1.1.1.1 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:24.934823036 CET | 192.168.2.23 | 8.8.8.8 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:26.072407961 CET | 192.168.2.23 | 1.0.0.1 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:27.178355932 CET | 192.168.2.23 | 8.8.8.8 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:28.195244074 CET | 192.168.2.23 | 8.8.4.4 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:29.212079048 CET | 192.168.2.23 | 8.8.4.4 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:30.230143070 CET | 192.168.2.23 | 8.8.8.8 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:31.246786118 CET | 192.168.2.23 | 1.0.0.1 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:32.273381948 CET | 192.168.2.23 | 8.8.8.8 | 0x694f | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:55.681885004 CET | 192.168.2.23 | 8.8.8.8 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:56.699244976 CET | 192.168.2.23 | 1.1.1.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:57.820002079 CET | 192.168.2.23 | 1.0.0.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:58.846312046 CET | 192.168.2.23 | 1.0.0.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:59.967566967 CET | 192.168.2.23 | 8.8.4.4 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:00.984344959 CET | 192.168.2.23 | 1.1.1.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:02.016998053 CET | 192.168.2.23 | 1.0.0.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:03.052995920 CET | 192.168.2.23 | 1.1.1.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:04.173093081 CET | 192.168.2.23 | 1.0.0.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:05.279972076 CET | 192.168.2.23 | 8.8.4.4 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:06.296962023 CET | 192.168.2.23 | 1.1.1.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:07.323278904 CET | 192.168.2.23 | 8.8.8.8 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:08.371293068 CET | 192.168.2.23 | 8.8.8.8 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:09.387614965 CET | 192.168.2.23 | 8.8.8.8 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:10.404441118 CET | 192.168.2.23 | 1.0.0.1 | 0x3c6e | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:33.919358015 CET | 192.168.2.23 | 1.1.1.1 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:34.945955038 CET | 192.168.2.23 | 1.1.1.1 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:36.085597038 CET | 192.168.2.23 | 8.8.4.4 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:37.102365971 CET | 192.168.2.23 | 1.1.1.1 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:38.232395887 CET | 192.168.2.23 | 1.1.1.1 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:39.373466015 CET | 192.168.2.23 | 8.8.8.8 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:40.390295029 CET | 192.168.2.23 | 1.0.0.1 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:41.531939030 CET | 192.168.2.23 | 8.8.8.8 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:42.549210072 CET | 192.168.2.23 | 1.1.1.1 | 0xc7e8 | Standard query (0) | 16 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 14, 2025 01:48:39.236597061 CET | 1.0.0.1 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:40.254486084 CET | 8.8.8.8 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:41.281104088 CET | 1.0.0.1 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:42.415119886 CET | 1.0.0.1 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:43.444219112 CET | 8.8.4.4 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:44.462861061 CET | 8.8.4.4 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:45.480025053 CET | 8.8.8.8 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:46.506474018 CET | 1.1.1.1 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:47.647207975 CET | 1.0.0.1 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:48.673717022 CET | 1.1.1.1 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:49.777173042 CET | 1.1.1.1 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:50.795197010 CET | 8.8.8.8 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:51.825294971 CET | 8.8.4.4 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:52.855660915 CET | 8.8.4.4 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:48:53.994760036 CET | 1.0.0.1 | 192.168.2.23 | 0xd490 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:17.406884909 CET | 1.0.0.1 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:18.544640064 CET | 1.0.0.1 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:19.679615021 CET | 1.0.0.1 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:20.696975946 CET | 8.8.8.8 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:21.801558018 CET | 1.1.1.1 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:22.827456951 CET | 1.1.1.1 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:23.933381081 CET | 1.1.1.1 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:25.070182085 CET | 8.8.8.8 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:26.176239014 CET | 1.0.0.1 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:27.193649054 CET | 8.8.8.8 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:28.210820913 CET | 8.8.4.4 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:29.227672100 CET | 8.8.4.4 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:30.244966030 CET | 8.8.8.8 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:31.271733999 CET | 1.0.0.1 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:32.290241957 CET | 8.8.8.8 | 192.168.2.23 | 0x694f | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:55.697074890 CET | 8.8.8.8 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:56.818214893 CET | 1.1.1.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:57.844325066 CET | 1.0.0.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:58.965168953 CET | 1.0.0.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:49:59.982523918 CET | 8.8.4.4 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:01.015083075 CET | 1.1.1.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:02.051023960 CET | 1.0.0.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:03.171473026 CET | 1.1.1.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:04.278285980 CET | 1.0.0.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:05.295125961 CET | 8.8.4.4 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:06.321554899 CET | 1.1.1.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:07.369757891 CET | 8.8.8.8 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:08.386274099 CET | 8.8.8.8 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:09.403037071 CET | 8.8.8.8 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:10.526216030 CET | 1.0.0.1 | 192.168.2.23 | 0x3c6e | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:33.944494963 CET | 1.1.1.1 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:35.083549976 CET | 1.1.1.1 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:36.100718975 CET | 8.8.4.4 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:37.230719090 CET | 1.1.1.1 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:38.371865988 CET | 1.1.1.1 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:39.388720036 CET | 8.8.8.8 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:40.529112101 CET | 1.0.0.1 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:41.546344995 CET | 8.8.8.8 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false | |
Mar 14, 2025 01:50:42.574299097 CET | 1.1.1.1 | 192.168.2.23 | 0xc7e8 | Name error (3) | none | none | 16 | IN (0x0001) | false |

System Behavior
Start time (UTC): | 00:48:38 |
Start date (UTC): | 14/03/2025 |
Path: | /tmp/sync.arm7.elf |
Arguments: | /tmp/sync.arm7.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 00:48:38 |
Start date (UTC): | 14/03/2025 |
Path: | /tmp/sync.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 00:48:38 |
Start date (UTC): | 14/03/2025 |
Path: | /tmp/sync.arm7.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 00:48:51 |
Start date (UTC): | 14/03/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 00:48:51 |
Start date (UTC): | 14/03/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.8qFPUqxga1 /tmp/tmp.KKoCOey2qq /tmp/tmp.Ik5SJzv8Ic |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |
Start time (UTC): | 00:48:51 |
Start date (UTC): | 14/03/2025 |
Path: | /usr/bin/dash |
Arguments: | - |
File size: | 129816 bytes |
MD5 hash: | 1e6b1c887c59a315edb7eb9a315fc84c |
Start time (UTC): | 00:48:51 |
Start date (UTC): | 14/03/2025 |
Path: | /usr/bin/rm |
Arguments: | rm -f /tmp/tmp.8qFPUqxga1 /tmp/tmp.KKoCOey2qq /tmp/tmp.Ik5SJzv8Ic |
File size: | 72056 bytes |
MD5 hash: | aa2b5496fdbfd88e38791ab81f90b95b |