Linux
Analysis Report
zerarm.elf
Overview
General Information
Sample name: | zerarm.elf |
Analysis ID: | 1643344 |
MD5: | 53a7730024a372b059073ec98bb46943 |
SHA1: | 51e0210b8fb30e65438948d1465494dbc556d071 |
SHA256: | b87d8b0e184721c6e4363d128947448dd62f5e552318fe37390139c64f52e6e9 |
Tags: | elf, user-abuse_ch |
Infos: |
Detection
Score: | 52 |
Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1643344 |
Start date and time: | 2025-03-19 19:27:13 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultlinuxfilecookbook.jbs |
Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
Analysis Mode: | default |
Sample name: | zerarm.elf |
Detection: | MAL |
Classification: | mal52.troj.linELF@0/0@35/0 |
Command: | /tmp/zerarm.elf |
PID: | 6238 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | gosh that chinese family at the other table sure ate a lot |
Standard Error: |
- system is lnxubuntu20
- zerarm.elf New Fork (PID: 6240, Parent: 6238)
- zerarm.elf New Fork (PID: 6242, Parent: 6240)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
- AV Detection
- Networking
- System Summary
- Persistence and Installation Behavior
- Malware Analysis System Evasion
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Networking |
---|
Source: | DNS traffic detected: |
Source: | TCP traffic: | ||
Source: | Socket: | Jump to behavior |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | Network traffic detected: | ||
Source: | String containing 'busybox' found: | ||
Source: | .symtab present: |
Source: | Classification label: |
Source: | File opened: | Jump to behavior | ||
Source: | Queries kernel information via 'uname': | Jump to behavior |
Source: | Binary or memory string: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Detection | Scanner | Label |
---|---|---|
39% | Virustotal | |
39% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ohlookthereismyboats.geek | 185.220.204.227 | true | false | | high |
watchmepull.dyn. [malformed] | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.248.47.182 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | false |
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false |
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
45.147.251.145 | unknown | Germany | 197518 | RACKMARKTES | false |
Match | Associated Sample Detection | Associated Sample Threat Names |
---|---|---|
109.202.202.202 | malicious | Unknown |
91.189.91.43 | malicious | Prometei, Mirai |
91.189.91.42 | malicious | Prometei, Mirai |
45.147.251.145 | malicious | Unknown |
Match | Associated Sample Detection | Associated Sample Threat Names |
---|---|---|
ohlookthereismyboats.geek | malicious | Unknown |
Match | Associated Sample Detection | Associated Sample Threat Names |
---|---|---|
CANONICAL-ASGB | malicious | Prometei, Mirai |
DIGITALOCEAN-ASNUS | malicious | Mirai, Unknown, HTMLPhisher |
INIT7CH | malicious | Prometei, Mirai |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 5.986234634988445 |
TrID: |
|
File name: | zerarm.elf |
File size: | 47'496 bytes |
MD5: | 53a7730024a372b059073ec98bb46943 |
SHA1: | 51e0210b8fb30e65438948d1465494dbc556d071 |
SHA256: | b87d8b0e184721c6e4363d128947448dd62f5e552318fe37390139c64f52e6e9 |
SHA512: | dedad2ac79feecb68576251a04edffd61a25a3a75fd15321252733084973ed36f7bed2c902bb105a2a31b51be8d0f6647fb2fb9969cc655037cc8672e3afe259 |
SSDEEP: | 768:suCUY/EzsUu8RhUdMatyUXqAM76nuoshFNsRpklBgaXP:EUPzBatN6AXPyhXP |
TLSH: | 27230791B8818A13C5D4137FFA2F419D372563A8D2DF7213DD222F55778A82F0EAB641 |
File Content Preview: | .ELF...a..........(.........4...........4. ...(.........................................................$...........Q.td..................................-...L."....*..........0@-.\P...0....S.0...P@...0... ....R......0...0...........0... ....R..... 0....S |
ELF header | |
---|---|
Class: | |
Data: | |
Version: | |
Machine: | |
Version Number: | |
Type: | |
OS/ABI: | |
ABI Version: | 0 |
Entry Point Address: | |
Flags: | |
ELF Header Size: | 52 |
Program Header Offset: | 52 |
Program Header Size: | 32 |
Number of Program Headers: | 3 |
Section Header Offset: | 47056 |
Section Header Size: | 40 |
Number of Section Headers: | 11 |
Header String Table Index: | 10 |
Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
---|---|---|---|---|---|---|---|---|---|---|
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0 |
.init | PROGBITS | 0x8094 | 0x94 | 0x18 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.text | PROGBITS | 0x80b0 | 0xb0 | 0xac30 | 0x0 | 0x6 | AX | 0 | 0 | 16 |
.fini | PROGBITS | 0x12ce0 | 0xace0 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
.rodata | PROGBITS | 0x12cf4 | 0xacf4 | 0x8d4 | 0x0 | 0x2 | A | 0 | 0 | 4 |
.ctors | PROGBITS | 0x1b5cc | 0xb5cc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.dtors | PROGBITS | 0x1b5d4 | 0xb5d4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.jcr | PROGBITS | 0x1b5dc | 0xb5dc | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.data | PROGBITS | 0x1b5e0 | 0xb5e0 | 0x1ac | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.bss | NOBITS | 0x1b78c | 0xb78c | 0x264 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
.shstrtab | STRTAB | 0x0 | 0xb78c | 0x43 | 0x0 | 0x0 | | 0 | 0 | 1 |
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
---|---|---|---|---|---|---|---|---|---|---|---|
LOAD | 0x0 | 0x8000 | 0x8000 | 0xb5c8 | 0xb5c8 | 6.0193 | 0x5 | R E | 0x8000 | | .init .text .fini .rodata |
LOAD | 0xb5cc | 0x1b5cc | 0x1b5cc | 0x1c0 | 0x424 | 2.3054 | 0x6 | RW | 0x8000 | | .ctors .dtors .jcr .data .bss |
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x7 | RWE | 0x4 | | |
- Total Packets: 98
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 19, 2025 19:28:01.497498035 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 19, 2025 19:28:02.975697041 CET | 45240 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:02.980479956 CET | 1440 | 45240 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:02.980535030 CET | 45240 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:02.981820107 CET | 45240 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:02.986515045 CET | 1440 | 45240 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:02.986563921 CET | 45240 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:02.991271973 CET | 1440 | 45240 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:06.872766972 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Mar 19, 2025 19:28:08.152654886 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Mar 19, 2025 19:28:12.990725994 CET | 45240 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:12.995985985 CET | 1440 | 45240 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:13.194849014 CET | 1440 | 45240 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:13.195162058 CET | 45240 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:13.199939966 CET | 1440 | 45240 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:14.661955118 CET | 45242 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:14.666800022 CET | 1440 | 45242 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:14.666873932 CET | 45242 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:14.668112993 CET | 45242 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:14.672858000 CET | 1440 | 45242 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:14.672911882 CET | 45242 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:14.677634001 CET | 1440 | 45242 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:21.462858915 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 19, 2025 19:28:25.288137913 CET | 1440 | 45242 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:25.288350105 CET | 45242 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:28:25.293039083 CET | 1440 | 45242 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:28:26.308554888 CET | 54356 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:26.313251019 CET | 1440 | 54356 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:26.313339949 CET | 54356 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:26.314677954 CET | 54356 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:26.319335938 CET | 1440 | 54356 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:26.319413900 CET | 54356 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:26.324085951 CET | 1440 | 54356 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:33.749083996 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
Mar 19, 2025 19:28:36.928766012 CET | 1440 | 54356 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:36.929069042 CET | 54356 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:36.935740948 CET | 1440 | 54356 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:37.844561100 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
Mar 19, 2025 19:28:37.970227003 CET | 54358 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:37.977319002 CET | 1440 | 54358 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:37.977401972 CET | 54358 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:37.978415966 CET | 54358 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:37.985461950 CET | 1440 | 54358 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:37.985496998 CET | 54358 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:37.991554022 CET | 1440 | 54358 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:48.594579935 CET | 1440 | 54358 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:48.594826937 CET | 54358 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:48.599534035 CET | 1440 | 54358 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:49.692038059 CET | 54360 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:49.696693897 CET | 1440 | 54360 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:49.696765900 CET | 54360 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:49.697782040 CET | 54360 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:49.702430964 CET | 1440 | 54360 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:28:49.702500105 CET | 54360 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:28:49.707120895 CET | 1440 | 54360 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:00.317420006 CET | 1440 | 54360 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:00.317857981 CET | 54360 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:00.322546959 CET | 1440 | 54360 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:01.414155960 CET | 45250 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:01.418947935 CET | 1440 | 45250 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:01.419023991 CET | 45250 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:01.419801950 CET | 45250 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:01.424570084 CET | 1440 | 45250 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:01.424649954 CET | 45250 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:01.429467916 CET | 1440 | 45250 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:02.417100906 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
Mar 19, 2025 19:29:12.019030094 CET | 1440 | 45250 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:12.019359112 CET | 45250 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:12.024065971 CET | 1440 | 45250 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:13.113435984 CET | 45252 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:13.118230104 CET | 1440 | 45252 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:13.118302107 CET | 45252 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:13.119335890 CET | 45252 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:13.125226021 CET | 1440 | 45252 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:13.125288010 CET | 45252 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:13.130973101 CET | 1440 | 45252 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:23.126224995 CET | 45252 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:23.131040096 CET | 1440 | 45252 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:23.326589108 CET | 1440 | 45252 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:23.326948881 CET | 45252 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:23.331713915 CET | 1440 | 45252 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:24.430335999 CET | 45254 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:24.435113907 CET | 1440 | 45254 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:24.435198069 CET | 45254 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:24.436425924 CET | 45254 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:24.441153049 CET | 1440 | 45254 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:24.441221952 CET | 45254 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:24.446886063 CET | 1440 | 45254 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:35.002727032 CET | 1440 | 45254 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:35.003169060 CET | 45254 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:35.008037090 CET | 1440 | 45254 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:36.129827023 CET | 45256 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:36.134602070 CET | 1440 | 45256 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:36.134711027 CET | 45256 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:36.136178017 CET | 45256 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:36.140935898 CET | 1440 | 45256 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:36.141014099 CET | 45256 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:36.146358013 CET | 1440 | 45256 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:46.722345114 CET | 1440 | 45256 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:46.722714901 CET | 45256 | 1440 | 192.168.2.23 | 104.248.47.182 |
Mar 19, 2025 19:29:46.728349924 CET | 1440 | 45256 | 104.248.47.182 | 192.168.2.23 |
Mar 19, 2025 19:29:47.740912914 CET | 54370 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:47.745624065 CET | 1440 | 54370 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:47.745707989 CET | 54370 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:47.746402979 CET | 54370 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:47.751027107 CET | 1440 | 54370 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:47.751076937 CET | 54370 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:47.755666018 CET | 1440 | 54370 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:58.365775108 CET | 1440 | 54370 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:58.366046906 CET | 54370 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:58.370826006 CET | 1440 | 54370 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:59.829375029 CET | 54372 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:59.834122896 CET | 1440 | 54372 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:59.834220886 CET | 54372 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:59.835342884 CET | 54372 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:59.839955091 CET | 1440 | 54372 | 45.147.251.145 | 192.168.2.23 |
Mar 19, 2025 19:29:59.840024948 CET | 54372 | 1440 | 192.168.2.23 | 45.147.251.145 |
Mar 19, 2025 19:29:59.844692945 CET | 1440 | 54372 | 45.147.251.145 | 192.168.2.23 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 19, 2025 19:28:02.955651999 CET | 192.168.2.23 | 194.36.144.87 | 0x5c97 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 19, 2025 19:28:14.197251081 CET | 192.168.2.23 | 168.235.111.72 | 0x8c71 | Standard query (0) | 256 | 446 | false | |
Mar 19, 2025 19:28:14.290872097 CET | 192.168.2.23 | 168.235.111.72 | 0x8c71 | Standard query (0) | 256 | 446 | false | |
Mar 19, 2025 19:28:14.386940956 CET | 192.168.2.23 | 168.235.111.72 | 0x8c71 | Standard query (0) | 256 | 446 | false | |
Mar 19, 2025 19:28:14.479515076 CET | 192.168.2.23 | 168.235.111.72 | 0x8c71 | Standard query (0) | 256 | 446 | false | |
Mar 19, 2025 19:28:14.567816973 CET | 192.168.2.23 | 168.235.111.72 | 0x8c71 | Standard query (0) | 256 | 446 | false | |
Mar 19, 2025 19:28:26.291650057 CET | 192.168.2.23 | 51.158.108.203 | 0xf1a4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 19, 2025 19:28:37.931705952 CET | 192.168.2.23 | 185.181.61.24 | 0x363b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 19, 2025 19:28:49.597780943 CET | 192.168.2.23 | 202.61.197.122 | 0xc852 | Standard query (0) | 256 | 481 | false | |
Mar 19, 2025 19:28:49.617036104 CET | 192.168.2.23 | 202.61.197.122 | 0xc852 | Standard query (0) | 256 | 481 | false | |
Mar 19, 2025 19:28:49.635422945 CET | 192.168.2.23 | 202.61.197.122 | 0xc852 | Standard query (0) | 256 | 481 | false | |
Mar 19, 2025 19:28:49.653753996 CET | 192.168.2.23 | 202.61.197.122 | 0xc852 | Standard query (0) | 256 | 481 | false | |
Mar 19, 2025 19:28:49.673769951 CET | 192.168.2.23 | 202.61.197.122 | 0xc852 | Standard query (0) | 256 | 481 | false | |
Mar 19, 2025 19:29:01.320274115 CET | 192.168.2.23 | 168.235.111.72 | 0x1237 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 19, 2025 19:29:13.021852016 CET | 192.168.2.23 | 51.158.108.203 | 0x6392 | Standard query (0) | 256 | 505 | false | |
Mar 19, 2025 19:29:13.043431044 CET | 192.168.2.23 | 51.158.108.203 | 0x6392 | Standard query (0) | 256 | 505 | false | |
Mar 19, 2025 19:29:13.062556982 CET | 192.168.2.23 | 51.158.108.203 | 0x6392 | Standard query (0) | 256 | 505 | false | |
Mar 19, 2025 19:29:13.079791069 CET | 192.168.2.23 | 51.158.108.203 | 0x6392 | Standard query (0) | 256 | 505 | false | |
Mar 19, 2025 19:29:13.096157074 CET | 192.168.2.23 | 51.158.108.203 | 0x6392 | Standard query (0) | 256 | 505 | false | |
Mar 19, 2025 19:29:24.329859018 CET | 192.168.2.23 | 152.53.15.127 | 0x48a2 | Standard query (0) | 256 | 260 | false | |
Mar 19, 2025 19:29:24.348311901 CET | 192.168.2.23 | 152.53.15.127 | 0x48a2 | Standard query (0) | 256 | 260 | false | |
Mar 19, 2025 19:29:24.367644072 CET | 192.168.2.23 | 152.53.15.127 | 0x48a2 | Standard query (0) | 256 | 260 | false | |
Mar 19, 2025 19:29:24.392774105 CET | 192.168.2.23 | 152.53.15.127 | 0x48a2 | Standard query (0) | 256 | 260 | false | |
Mar 19, 2025 19:29:24.412214994 CET | 192.168.2.23 | 152.53.15.127 | 0x48a2 | Standard query (0) | 256 | 260 | false | |
Mar 19, 2025 19:29:36.007117987 CET | 192.168.2.23 | 194.36.144.87 | 0x2b2e | Standard query (0) | 256 | 272 | false | |
Mar 19, 2025 19:29:36.031671047 CET | 192.168.2.23 | 194.36.144.87 | 0x2b2e | Standard query (0) | 256 | 272 | false | |
Mar 19, 2025 19:29:36.057568073 CET | 192.168.2.23 | 194.36.144.87 | 0x2b2e | Standard query (0) | 256 | 272 | false | |
Mar 19, 2025 19:29:36.082834959 CET | 192.168.2.23 | 194.36.144.87 | 0x2b2e | Standard query (0) | 256 | 272 | false | |
Mar 19, 2025 19:29:36.106446028 CET | 192.168.2.23 | 194.36.144.87 | 0x2b2e | Standard query (0) | 256 | 272 | false | |
Mar 19, 2025 19:29:47.724829912 CET | 192.168.2.23 | 51.158.108.203 | 0xbc73 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 19, 2025 19:29:59.369502068 CET | 192.168.2.23 | 168.235.111.72 | 0x175d | Standard query (0) | 256 | 295 | false | |
Mar 19, 2025 19:29:59.460669994 CET | 192.168.2.23 | 168.235.111.72 | 0x175d | Standard query (0) | 256 | 295 | false | |
Mar 19, 2025 19:29:59.551913977 CET | 192.168.2.23 | 168.235.111.72 | 0x175d | Standard query (0) | 256 | 295 | false | |
Mar 19, 2025 19:29:59.645450115 CET | 192.168.2.23 | 168.235.111.72 | 0x175d | Standard query (0) | 256 | 295 | false | |
Mar 19, 2025 19:29:59.735328913 CET | 192.168.2.23 | 168.235.111.72 | 0x175d | Standard query (0) | 256 | 295 | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 19, 2025 19:28:02.972443104 CET | 194.36.144.87 | 192.168.2.23 | 0x5c97 | No error (0) | 185.220.204.227 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:28:02.972443104 CET | 194.36.144.87 | 192.168.2.23 | 0x5c97 | No error (0) | 104.248.47.182 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:28:02.972443104 CET | 194.36.144.87 | 192.168.2.23 | 0x5c97 | No error (0) | 45.147.251.145 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:28:26.307404995 CET | 51.158.108.203 | 192.168.2.23 | 0xf1a4 | No error (0) | 185.220.204.227 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:28:26.307404995 CET | 51.158.108.203 | 192.168.2.23 | 0xf1a4 | No error (0) | 45.147.251.145 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:28:26.307404995 CET | 51.158.108.203 | 192.168.2.23 | 0xf1a4 | No error (0) | 104.248.47.182 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:28:37.969584942 CET | 185.181.61.24 | 192.168.2.23 | 0x363b | No error (0) | 185.220.204.227 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:28:37.969584942 CET | 185.181.61.24 | 192.168.2.23 | 0x363b | No error (0) | 45.147.251.145 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:28:37.969584942 CET | 185.181.61.24 | 192.168.2.23 | 0x363b | No error (0) | 104.248.47.182 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:29:01.413372993 CET | 168.235.111.72 | 192.168.2.23 | 0x1237 | No error (0) | 45.147.251.145 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:29:01.413372993 CET | 168.235.111.72 | 192.168.2.23 | 0x1237 | No error (0) | 104.248.47.182 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:29:01.413372993 CET | 168.235.111.72 | 192.168.2.23 | 0x1237 | No error (0) | 185.220.204.227 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:29:13.041723967 CET | 51.158.108.203 | 192.168.2.23 | 0x6392 | Format error (1) | none | none | 256 | 505 | false | |
Mar 19, 2025 19:29:13.061542988 CET | 51.158.108.203 | 192.168.2.23 | 0x6392 | Format error (1) | none | none | 256 | 505 | false | |
Mar 19, 2025 19:29:13.078835964 CET | 51.158.108.203 | 192.168.2.23 | 0x6392 | Format error (1) | none | none | 256 | 505 | false | |
Mar 19, 2025 19:29:13.095026970 CET | 51.158.108.203 | 192.168.2.23 | 0x6392 | Format error (1) | none | none | 256 | 505 | false | |
Mar 19, 2025 19:29:13.111550093 CET | 51.158.108.203 | 192.168.2.23 | 0x6392 | Format error (1) | none | none | 256 | 505 | false | |
Mar 19, 2025 19:29:24.346957922 CET | 152.53.15.127 | 192.168.2.23 | 0x48a2 | Format error (1) | none | none | 256 | 260 | false | |
Mar 19, 2025 19:29:24.366311073 CET | 152.53.15.127 | 192.168.2.23 | 0x48a2 | Format error (1) | none | none | 256 | 260 | false | |
Mar 19, 2025 19:29:24.391412020 CET | 152.53.15.127 | 192.168.2.23 | 0x48a2 | Format error (1) | none | none | 256 | 260 | false | |
Mar 19, 2025 19:29:24.411000013 CET | 152.53.15.127 | 192.168.2.23 | 0x48a2 | Format error (1) | none | none | 256 | 260 | false | |
Mar 19, 2025 19:29:24.429207087 CET | 152.53.15.127 | 192.168.2.23 | 0x48a2 | Format error (1) | none | none | 256 | 260 | false | |
Mar 19, 2025 19:29:36.029783010 CET | 194.36.144.87 | 192.168.2.23 | 0x2b2e | Format error (1) | none | none | 256 | 272 | false | |
Mar 19, 2025 19:29:36.055332899 CET | 194.36.144.87 | 192.168.2.23 | 0x2b2e | Format error (1) | none | none | 256 | 272 | false | |
Mar 19, 2025 19:29:36.081583023 CET | 194.36.144.87 | 192.168.2.23 | 0x2b2e | Format error (1) | none | none | 256 | 272 | false | |
Mar 19, 2025 19:29:36.105211020 CET | 194.36.144.87 | 192.168.2.23 | 0x2b2e | Format error (1) | none | none | 256 | 272 | false | |
Mar 19, 2025 19:29:36.129096985 CET | 194.36.144.87 | 192.168.2.23 | 0x2b2e | Format error (1) | none | none | 256 | 272 | false | |
Mar 19, 2025 19:29:47.740293026 CET | 51.158.108.203 | 192.168.2.23 | 0xbc73 | No error (0) | 185.220.204.227 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:29:47.740293026 CET | 51.158.108.203 | 192.168.2.23 | 0xbc73 | No error (0) | 45.147.251.145 | A (IP address) | IN (0x0001) | false | ||
Mar 19, 2025 19:29:47.740293026 CET | 51.158.108.203 | 192.168.2.23 | 0xbc73 | No error (0) | 104.248.47.182 | A (IP address) | IN (0x0001) | false |
System Behavior
Start time (UTC): | 18:28:01 |
Start date (UTC): | 19/03/2025 |
Path: | /tmp/zerarm.elf |
Arguments: | /tmp/zerarm.elf |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 18:28:01 |
Start date (UTC): | 19/03/2025 |
Path: | /tmp/zerarm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |
Start time (UTC): | 18:28:01 |
Start date (UTC): | 19/03/2025 |
Path: | /tmp/zerarm.elf |
Arguments: | - |
File size: | 4956856 bytes |
MD5 hash: | 5ebfcae4fe2471fcc5695c2394773ff1 |