Edit tour
Linux
Analysis Report
zerspc.elf
Overview
General Information
| Sample name: | zerspc.elf |
| Analysis ID: | 1628588 |
| MD5: | 9a7ab644b5cfff336193a9c98aba68f3 |
| SHA1: | 4a54c26126f0b731d223ab28a4f3d14d0b6a03e1 |
| SHA256: | 5e8c954f9cf3707edfb4ddd9204669f1b057864671849b65f658435ee9ff07a3 |
| Tags: | elfuser-abuse_ch |
| Infos: |
Detection
| Score: | 52 |
| Range: | 0 - 100 |
Signatures
Multi AV Scanner detection for submitted file
Sends malformed DNS queries
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Sample listens on a socket
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Uses the "uname" system call to query kernel version information (possible evasion)
Classification
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1628588 |
| Start date and time: | 2025-03-03 23:18:07 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 43s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultlinuxfilecookbook.jbs |
| Analysis system description: | Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11) |
| Analysis Mode: | default |
| Sample name: | zerspc.elf |
| Detection: | MAL |
| Classification: | mal52.troj.linELF@0/0@32/0 |
| Command: | /tmp/zerspc.elf |
| PID: | 6238 |
| Exit Code: | 0 |
| Exit Code Info: | |
| Killed: | False |
| Standard Output: | gosh that chinese family at the other table sure ate a lot |
| Standard Error: |
- system is lnxubuntu20
- zerspc.elf New Fork (PID: 6240, Parent: 6238)
- zerspc.elf New Fork (PID: 6242, Parent: 6240)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
Networking | |
|---|
| Source: | DNS traffic detected: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | Socket: | Jump to behavior | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | .symtab present: | ||
| Source: | Classification label: | ||
| Source: | Queries kernel information via 'uname': | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
⊘No configs have been found
Is Dropped
Number of created Files
Is malicious
Internet| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 40% | Virustotal | Browse | ||
| 42% | ReversingLabs | Linux.Backdoor.Mirai |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| serisontop.dyn | 46.19.143.10 | true | false | high | |
| serisbot.geek. [malformed] | unknown | unknown | false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 46.19.143.10 | serisontop.dyn | Switzerland | 51852 | PLI-ASCH | false | |
| 109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false | |
| 139.59.207.216 | unknown | Singapore | 14061 | DIGITALOCEAN-ASNUS | false | |
| 46.101.69.129 | unknown | Netherlands | 14061 | DIGITALOCEAN-ASNUS | false | |
| 91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false | |
| 91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 46.19.143.10 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 139.59.207.216 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 109.202.202.202 | Get hash | malicious | Unknown | Browse |
| |
| 46.101.69.129 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| 91.189.91.43 | Get hash | malicious | Mirai | Browse | ||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| 91.189.91.42 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Mirai | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Prometei | Browse | |||
| Get hash | malicious | Prometei | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| serisontop.dyn | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| DIGITALOCEAN-ASNUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| CANONICAL-ASGB | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| DIGITALOCEAN-ASNUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| PLI-ASCH | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Amadey, GhostRat, GuLoader, LummaC Stealer, XWorm, Xmrig | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| INIT7CH | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
| ||
| Get hash | malicious | Prometei | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.060742435032787 |
| TrID: |
|
| File name: | zerspc.elf |
| File size: | 52'616 bytes |
| MD5: | 9a7ab644b5cfff336193a9c98aba68f3 |
| SHA1: | 4a54c26126f0b731d223ab28a4f3d14d0b6a03e1 |
| SHA256: | 5e8c954f9cf3707edfb4ddd9204669f1b057864671849b65f658435ee9ff07a3 |
| SHA512: | 2c715024c59a2878c998d0e782b2c40c93988c9dce1f6bfb74510f42c6e03feddbb33cd4b2b37c3d27d004005108a5c2a37a3103a12a27447c0b4e18300836d8 |
| SSDEEP: | 768:+HofSq9982ogKyfvq7I96sDwUmHbnckN4p7kO+/QpSALitdXQ:+HCSS98lvyfvq7I96sDHmHLZSJ+/OSg |
| TLSH: | FA335A21A9392E17C8D4B87E22F34724B2F6174E35A8C72E7D721E8EFF20A4411176B5 |
| File Content Preview: | .ELF...........................4.........4. ...(...........................................................T........dt.Q................................@..(....@./.................#.....c...`.....!.....!...@.....".........`......$!...!...@...........`.... |
ELF header | |
|---|---|
| Class: | |
| Data: | |
| Version: | |
| Machine: | |
| Version Number: | |
| Type: | |
| OS/ABI: | |
| ABI Version: | 0 |
| Entry Point Address: | |
| Flags: | |
| ELF Header Size: | 52 |
| Program Header Offset: | 52 |
| Program Header Size: | 32 |
| Number of Program Headers: | 3 |
| Section Header Offset: | 52176 |
| Section Header Size: | 40 |
| Number of Section Headers: | 11 |
| Header String Table Index: | 10 |
| Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align |
|---|---|---|---|---|---|---|---|---|---|---|
| NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0 | 0 | 0 | ||
| .init | PROGBITS | 0x10094 | 0x94 | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .text | PROGBITS | 0x100b0 | 0xb0 | 0xc010 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .fini | PROGBITS | 0x1c0c0 | 0xc0c0 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 4 |
| .rodata | PROGBITS | 0x1c0d8 | 0xc0d8 | 0x8e8 | 0x0 | 0x2 | A | 0 | 0 | 8 |
| .ctors | PROGBITS | 0x2c9c4 | 0xc9c4 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .dtors | PROGBITS | 0x2c9cc | 0xc9cc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .jcr | PROGBITS | 0x2c9d4 | 0xc9d4 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4 |
| .data | PROGBITS | 0x2c9d8 | 0xc9d8 | 0x1b4 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .bss | NOBITS | 0x2cb90 | 0xcb8c | 0x288 | 0x0 | 0x3 | WA | 0 | 0 | 8 |
| .shstrtab | STRTAB | 0x0 | 0xcb8c | 0x43 | 0x0 | 0x0 | 0 | 0 | 1 |
| Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings |
|---|---|---|---|---|---|---|---|---|---|---|---|
| LOAD | 0x0 | 0x10000 | 0x10000 | 0xc9c0 | 0xc9c0 | 6.0926 | 0x5 | R E | 0x10000 | .init .text .fini .rodata | |
| LOAD | 0xc9c4 | 0x2c9c4 | 0x2c9c4 | 0x1c8 | 0x454 | 2.2710 | 0x6 | RW | 0x10000 | .ctors .dtors .jcr .data .bss | |
| GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 3, 2025 23:18:55.848197937 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Mar 3, 2025 23:18:56.703335047 CET | 52532 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:18:56.708342075 CET | 1440 | 52532 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:18:56.708405972 CET | 52532 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:18:56.725595951 CET | 52532 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:18:56.730617046 CET | 1440 | 52532 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:18:56.730657101 CET | 52532 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:18:56.735691071 CET | 1440 | 52532 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:01.479475021 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Mar 3, 2025 23:19:02.247245073 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Mar 3, 2025 23:19:06.725164890 CET | 52532 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:06.730300903 CET | 1440 | 52532 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:06.929152012 CET | 1440 | 52532 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:06.929614067 CET | 52532 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:06.934686899 CET | 1440 | 52532 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:07.040951014 CET | 52534 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:07.046019077 CET | 1440 | 52534 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:07.046094894 CET | 52534 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:07.047261000 CET | 52534 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:07.052284002 CET | 1440 | 52534 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:07.052350044 CET | 52534 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:07.057382107 CET | 1440 | 52534 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:15.813416958 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Mar 3, 2025 23:19:17.632868052 CET | 1440 | 52534 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.633306026 CET | 52534 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:17.638473988 CET | 1440 | 52534 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.722471952 CET | 52536 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:17.727607965 CET | 1440 | 52536 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.727751017 CET | 52536 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:17.728806973 CET | 52536 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:17.733911991 CET | 1440 | 52536 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.733989000 CET | 52536 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:17.739105940 CET | 1440 | 52536 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.099756956 CET | 42836 | 443 | 192.168.2.23 | 91.189.91.43 |
| Mar 3, 2025 23:19:28.359262943 CET | 1440 | 52536 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.359555006 CET | 52536 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:28.364581108 CET | 1440 | 52536 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.812108994 CET | 52538 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:28.817225933 CET | 1440 | 52538 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.817374945 CET | 52538 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:28.818558931 CET | 52538 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:28.823640108 CET | 1440 | 52538 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.823721886 CET | 52538 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:28.828787088 CET | 1440 | 52538 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:32.195169926 CET | 42516 | 80 | 192.168.2.23 | 109.202.202.202 |
| Mar 3, 2025 23:19:39.410717964 CET | 1440 | 52538 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:39.411036968 CET | 52538 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:39.416125059 CET | 1440 | 52538 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:39.436145067 CET | 52540 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:39.441353083 CET | 1440 | 52540 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:39.441441059 CET | 52540 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:39.442758083 CET | 52540 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:39.448108912 CET | 1440 | 52540 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:39.448193073 CET | 52540 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:39.453579903 CET | 1440 | 52540 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:49.993577003 CET | 1440 | 52540 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:49.994170904 CET | 52540 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:49.999284029 CET | 1440 | 52540 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:50.116189957 CET | 52542 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:50.122370958 CET | 1440 | 52542 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:50.122498989 CET | 52542 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:50.123619080 CET | 52542 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:50.129842997 CET | 1440 | 52542 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:50.129911900 CET | 52542 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:19:50.136197090 CET | 1440 | 52542 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:19:56.767761946 CET | 43928 | 443 | 192.168.2.23 | 91.189.91.42 |
| Mar 3, 2025 23:20:00.728413105 CET | 1440 | 52542 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:20:00.728724003 CET | 52542 | 1440 | 192.168.2.23 | 46.101.69.129 |
| Mar 3, 2025 23:20:00.733778000 CET | 1440 | 52542 | 46.101.69.129 | 192.168.2.23 |
| Mar 3, 2025 23:20:00.768991947 CET | 55760 | 1440 | 192.168.2.23 | 139.59.207.216 |
| Mar 3, 2025 23:20:00.774070978 CET | 1440 | 55760 | 139.59.207.216 | 192.168.2.23 |
| Mar 3, 2025 23:20:00.774262905 CET | 55760 | 1440 | 192.168.2.23 | 139.59.207.216 |
| Mar 3, 2025 23:20:00.775417089 CET | 55760 | 1440 | 192.168.2.23 | 139.59.207.216 |
| Mar 3, 2025 23:20:00.780425072 CET | 1440 | 55760 | 139.59.207.216 | 192.168.2.23 |
| Mar 3, 2025 23:20:00.780488014 CET | 55760 | 1440 | 192.168.2.23 | 139.59.207.216 |
| Mar 3, 2025 23:20:00.785502911 CET | 1440 | 55760 | 139.59.207.216 | 192.168.2.23 |
| Mar 3, 2025 23:20:10.784235001 CET | 55760 | 1440 | 192.168.2.23 | 139.59.207.216 |
| Mar 3, 2025 23:20:10.789541960 CET | 1440 | 55760 | 139.59.207.216 | 192.168.2.23 |
| Mar 3, 2025 23:20:11.029257059 CET | 1440 | 55760 | 139.59.207.216 | 192.168.2.23 |
| Mar 3, 2025 23:20:11.029611111 CET | 55760 | 1440 | 192.168.2.23 | 139.59.207.216 |
| Mar 3, 2025 23:20:11.036104918 CET | 1440 | 55760 | 139.59.207.216 | 192.168.2.23 |
| Mar 3, 2025 23:20:11.049772024 CET | 43816 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:11.054841042 CET | 1440 | 43816 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:11.054924011 CET | 43816 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:11.056554079 CET | 43816 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:11.061602116 CET | 1440 | 43816 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:11.061675072 CET | 43816 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:11.066618919 CET | 1440 | 43816 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:21.694164991 CET | 1440 | 43816 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:21.694741011 CET | 43816 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:21.700171947 CET | 1440 | 43816 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:21.715471983 CET | 43818 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:21.720673084 CET | 1440 | 43818 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:21.720757961 CET | 43818 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:21.721997976 CET | 43818 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:21.727276087 CET | 1440 | 43818 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:21.727368116 CET | 43818 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:21.732587099 CET | 1440 | 43818 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:32.309983969 CET | 1440 | 43818 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:32.310601950 CET | 43818 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:32.316004038 CET | 1440 | 43818 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:32.348288059 CET | 43820 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:32.353507996 CET | 1440 | 43820 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:32.353610039 CET | 43820 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:32.355356932 CET | 43820 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:32.360495090 CET | 1440 | 43820 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:32.360711098 CET | 43820 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:32.365813971 CET | 1440 | 43820 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:42.922825098 CET | 1440 | 43820 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:42.923177958 CET | 43820 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:42.928395987 CET | 1440 | 43820 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:43.008728981 CET | 43822 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:43.013860941 CET | 1440 | 43822 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:43.013926029 CET | 43822 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:43.014590979 CET | 43822 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:43.020246983 CET | 1440 | 43822 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:43.020308018 CET | 43822 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:43.026549101 CET | 1440 | 43822 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:53.578872919 CET | 1440 | 43822 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:53.579081059 CET | 43822 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:53.584530115 CET | 1440 | 43822 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:53.599615097 CET | 43824 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:53.604760885 CET | 1440 | 43824 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:53.604823112 CET | 43824 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:53.605674028 CET | 43824 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:53.610846996 CET | 1440 | 43824 | 46.19.143.10 | 192.168.2.23 |
| Mar 3, 2025 23:20:53.610899925 CET | 43824 | 1440 | 192.168.2.23 | 46.19.143.10 |
| Mar 3, 2025 23:20:53.615900993 CET | 1440 | 43824 | 46.19.143.10 | 192.168.2.23 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 3, 2025 23:18:56.681420088 CET | 59036 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:18:56.697722912 CET | 53 | 59036 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:19:06.931767941 CET | 32992 | 53 | 192.168.2.23 | 194.36.144.87 |
| Mar 3, 2025 23:19:06.949028015 CET | 53 | 32992 | 194.36.144.87 | 192.168.2.23 |
| Mar 3, 2025 23:19:06.950310946 CET | 43036 | 53 | 192.168.2.23 | 194.36.144.87 |
| Mar 3, 2025 23:19:06.967376947 CET | 53 | 43036 | 194.36.144.87 | 192.168.2.23 |
| Mar 3, 2025 23:19:06.968590975 CET | 35074 | 53 | 192.168.2.23 | 194.36.144.87 |
| Mar 3, 2025 23:19:06.991545916 CET | 53 | 35074 | 194.36.144.87 | 192.168.2.23 |
| Mar 3, 2025 23:19:06.992858887 CET | 47918 | 53 | 192.168.2.23 | 194.36.144.87 |
| Mar 3, 2025 23:19:07.015964031 CET | 53 | 47918 | 194.36.144.87 | 192.168.2.23 |
| Mar 3, 2025 23:19:07.017157078 CET | 36813 | 53 | 192.168.2.23 | 194.36.144.87 |
| Mar 3, 2025 23:19:07.040201902 CET | 53 | 36813 | 194.36.144.87 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.635509968 CET | 43974 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:19:17.651380062 CET | 53 | 43974 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.653320074 CET | 46259 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:19:17.668925047 CET | 53 | 46259 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.670543909 CET | 40411 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:19:17.686311960 CET | 53 | 40411 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.687738895 CET | 53855 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:19:17.704024076 CET | 53 | 53855 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:19:17.705539942 CET | 51695 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:19:17.721761942 CET | 53 | 51695 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.360651016 CET | 59892 | 53 | 192.168.2.23 | 168.235.111.72 |
| Mar 3, 2025 23:19:28.450366974 CET | 53 | 59892 | 168.235.111.72 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.451747894 CET | 34671 | 53 | 192.168.2.23 | 168.235.111.72 |
| Mar 3, 2025 23:19:28.539494038 CET | 53 | 34671 | 168.235.111.72 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.540611982 CET | 45719 | 53 | 192.168.2.23 | 168.235.111.72 |
| Mar 3, 2025 23:19:28.628463984 CET | 53 | 45719 | 168.235.111.72 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.630430937 CET | 42829 | 53 | 192.168.2.23 | 168.235.111.72 |
| Mar 3, 2025 23:19:28.718075037 CET | 53 | 42829 | 168.235.111.72 | 192.168.2.23 |
| Mar 3, 2025 23:19:28.719671011 CET | 41500 | 53 | 192.168.2.23 | 168.235.111.72 |
| Mar 3, 2025 23:19:28.810897112 CET | 53 | 41500 | 168.235.111.72 | 192.168.2.23 |
| Mar 3, 2025 23:19:39.412457943 CET | 38595 | 53 | 192.168.2.23 | 194.36.144.87 |
| Mar 3, 2025 23:19:39.435336113 CET | 53 | 38595 | 194.36.144.87 | 192.168.2.23 |
| Mar 3, 2025 23:19:49.995826006 CET | 44434 | 53 | 192.168.2.23 | 152.53.15.127 |
| Mar 3, 2025 23:19:50.020605087 CET | 53 | 44434 | 152.53.15.127 | 192.168.2.23 |
| Mar 3, 2025 23:19:50.022532940 CET | 54480 | 53 | 192.168.2.23 | 152.53.15.127 |
| Mar 3, 2025 23:19:50.040612936 CET | 53 | 54480 | 152.53.15.127 | 192.168.2.23 |
| Mar 3, 2025 23:19:50.042108059 CET | 35828 | 53 | 192.168.2.23 | 152.53.15.127 |
| Mar 3, 2025 23:19:50.065536976 CET | 53 | 35828 | 152.53.15.127 | 192.168.2.23 |
| Mar 3, 2025 23:19:50.067002058 CET | 60578 | 53 | 192.168.2.23 | 152.53.15.127 |
| Mar 3, 2025 23:19:50.090598106 CET | 53 | 60578 | 152.53.15.127 | 192.168.2.23 |
| Mar 3, 2025 23:19:50.092205048 CET | 34625 | 53 | 192.168.2.23 | 152.53.15.127 |
| Mar 3, 2025 23:19:50.115504980 CET | 53 | 34625 | 152.53.15.127 | 192.168.2.23 |
| Mar 3, 2025 23:20:00.730355978 CET | 45862 | 53 | 192.168.2.23 | 185.181.61.24 |
| Mar 3, 2025 23:20:00.767961979 CET | 53 | 45862 | 185.181.61.24 | 192.168.2.23 |
| Mar 3, 2025 23:20:11.031198978 CET | 50937 | 53 | 192.168.2.23 | 202.61.197.122 |
| Mar 3, 2025 23:20:11.048926115 CET | 53 | 50937 | 202.61.197.122 | 192.168.2.23 |
| Mar 3, 2025 23:20:21.697134972 CET | 50884 | 53 | 192.168.2.23 | 194.36.144.87 |
| Mar 3, 2025 23:20:21.714440107 CET | 53 | 50884 | 194.36.144.87 | 192.168.2.23 |
| Mar 3, 2025 23:20:32.313500881 CET | 41107 | 53 | 192.168.2.23 | 81.169.136.222 |
| Mar 3, 2025 23:20:32.347161055 CET | 53 | 41107 | 81.169.136.222 | 192.168.2.23 |
| Mar 3, 2025 23:20:42.924483061 CET | 45430 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:20:42.940675020 CET | 53 | 45430 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:20:42.941823006 CET | 49671 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:20:42.957906961 CET | 53 | 49671 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:20:42.959088087 CET | 43561 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:20:42.974833965 CET | 53 | 43561 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:20:42.975969076 CET | 37277 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:20:42.991753101 CET | 53 | 37277 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:20:42.992681980 CET | 46641 | 53 | 192.168.2.23 | 51.158.108.203 |
| Mar 3, 2025 23:20:43.008297920 CET | 53 | 46641 | 51.158.108.203 | 192.168.2.23 |
| Mar 3, 2025 23:20:53.580238104 CET | 39062 | 53 | 192.168.2.23 | 202.61.197.122 |
| Mar 3, 2025 23:20:53.599126101 CET | 53 | 39062 | 202.61.197.122 | 192.168.2.23 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 3, 2025 23:18:56.681420088 CET | 192.168.2.23 | 51.158.108.203 | 0x6bae | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 3, 2025 23:19:06.931767941 CET | 192.168.2.23 | 194.36.144.87 | 0x4525 | Standard query (0) | 256 | 474 | false | |
| Mar 3, 2025 23:19:06.950310946 CET | 192.168.2.23 | 194.36.144.87 | 0x4525 | Standard query (0) | 256 | 474 | false | |
| Mar 3, 2025 23:19:06.968590975 CET | 192.168.2.23 | 194.36.144.87 | 0x4525 | Standard query (0) | 256 | 474 | false | |
| Mar 3, 2025 23:19:06.992858887 CET | 192.168.2.23 | 194.36.144.87 | 0x4525 | Standard query (0) | 256 | 475 | false | |
| Mar 3, 2025 23:19:07.017157078 CET | 192.168.2.23 | 194.36.144.87 | 0x4525 | Standard query (0) | 256 | 475 | false | |
| Mar 3, 2025 23:19:17.635509968 CET | 192.168.2.23 | 51.158.108.203 | 0xd5e | Standard query (0) | 256 | 485 | false | |
| Mar 3, 2025 23:19:17.653320074 CET | 192.168.2.23 | 51.158.108.203 | 0xd5e | Standard query (0) | 256 | 485 | false | |
| Mar 3, 2025 23:19:17.670543909 CET | 192.168.2.23 | 51.158.108.203 | 0xd5e | Standard query (0) | 256 | 485 | false | |
| Mar 3, 2025 23:19:17.687738895 CET | 192.168.2.23 | 51.158.108.203 | 0xd5e | Standard query (0) | 256 | 485 | false | |
| Mar 3, 2025 23:19:17.705539942 CET | 192.168.2.23 | 51.158.108.203 | 0xd5e | Standard query (0) | 256 | 485 | false | |
| Mar 3, 2025 23:19:28.360651016 CET | 192.168.2.23 | 168.235.111.72 | 0xc48b | Standard query (0) | 256 | 496 | false | |
| Mar 3, 2025 23:19:28.451747894 CET | 192.168.2.23 | 168.235.111.72 | 0xc48b | Standard query (0) | 256 | 496 | false | |
| Mar 3, 2025 23:19:28.540611982 CET | 192.168.2.23 | 168.235.111.72 | 0xc48b | Standard query (0) | 256 | 496 | false | |
| Mar 3, 2025 23:19:28.630430937 CET | 192.168.2.23 | 168.235.111.72 | 0xc48b | Standard query (0) | 256 | 496 | false | |
| Mar 3, 2025 23:19:28.719671011 CET | 192.168.2.23 | 168.235.111.72 | 0xc48b | Standard query (0) | 256 | 496 | false | |
| Mar 3, 2025 23:19:39.412457943 CET | 192.168.2.23 | 194.36.144.87 | 0xd94 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 3, 2025 23:19:49.995826006 CET | 192.168.2.23 | 152.53.15.127 | 0x98d7 | Standard query (0) | 256 | 261 | false | |
| Mar 3, 2025 23:19:50.022532940 CET | 192.168.2.23 | 152.53.15.127 | 0x98d7 | Standard query (0) | 256 | 262 | false | |
| Mar 3, 2025 23:19:50.042108059 CET | 192.168.2.23 | 152.53.15.127 | 0x98d7 | Standard query (0) | 256 | 262 | false | |
| Mar 3, 2025 23:19:50.067002058 CET | 192.168.2.23 | 152.53.15.127 | 0x98d7 | Standard query (0) | 256 | 262 | false | |
| Mar 3, 2025 23:19:50.092205048 CET | 192.168.2.23 | 152.53.15.127 | 0x98d7 | Standard query (0) | 256 | 262 | false | |
| Mar 3, 2025 23:20:00.730355978 CET | 192.168.2.23 | 185.181.61.24 | 0xf30c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 3, 2025 23:20:11.031198978 CET | 192.168.2.23 | 202.61.197.122 | 0xad38 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 3, 2025 23:20:21.697134972 CET | 192.168.2.23 | 194.36.144.87 | 0x73f2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 3, 2025 23:20:32.313500881 CET | 192.168.2.23 | 81.169.136.222 | 0x7140 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 3, 2025 23:20:42.924483061 CET | 192.168.2.23 | 51.158.108.203 | 0xbb78 | Standard query (0) | 256 | 314 | false | |
| Mar 3, 2025 23:20:42.941823006 CET | 192.168.2.23 | 51.158.108.203 | 0xbb78 | Standard query (0) | 256 | 314 | false | |
| Mar 3, 2025 23:20:42.959088087 CET | 192.168.2.23 | 51.158.108.203 | 0xbb78 | Standard query (0) | 256 | 314 | false | |
| Mar 3, 2025 23:20:42.975969076 CET | 192.168.2.23 | 51.158.108.203 | 0xbb78 | Standard query (0) | 256 | 314 | false | |
| Mar 3, 2025 23:20:42.992681980 CET | 192.168.2.23 | 51.158.108.203 | 0xbb78 | Standard query (0) | 256 | 315 | false | |
| Mar 3, 2025 23:20:53.580238104 CET | 192.168.2.23 | 202.61.197.122 | 0xcbed | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 3, 2025 23:18:56.697722912 CET | 51.158.108.203 | 192.168.2.23 | 0x6bae | No error (0) | 46.19.143.10 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:18:56.697722912 CET | 51.158.108.203 | 192.168.2.23 | 0x6bae | No error (0) | 139.59.207.216 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:18:56.697722912 CET | 51.158.108.203 | 192.168.2.23 | 0x6bae | No error (0) | 46.101.69.129 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:19:06.949028015 CET | 194.36.144.87 | 192.168.2.23 | 0x4525 | Format error (1) | none | none | 256 | 474 | false | |
| Mar 3, 2025 23:19:06.967376947 CET | 194.36.144.87 | 192.168.2.23 | 0x4525 | Format error (1) | none | none | 256 | 474 | false | |
| Mar 3, 2025 23:19:06.991545916 CET | 194.36.144.87 | 192.168.2.23 | 0x4525 | Format error (1) | none | none | 256 | 474 | false | |
| Mar 3, 2025 23:19:07.015964031 CET | 194.36.144.87 | 192.168.2.23 | 0x4525 | Format error (1) | none | none | 256 | 475 | false | |
| Mar 3, 2025 23:19:07.040201902 CET | 194.36.144.87 | 192.168.2.23 | 0x4525 | Format error (1) | none | none | 256 | 475 | false | |
| Mar 3, 2025 23:19:17.651380062 CET | 51.158.108.203 | 192.168.2.23 | 0xd5e | Format error (1) | none | none | 256 | 485 | false | |
| Mar 3, 2025 23:19:17.668925047 CET | 51.158.108.203 | 192.168.2.23 | 0xd5e | Format error (1) | none | none | 256 | 485 | false | |
| Mar 3, 2025 23:19:17.686311960 CET | 51.158.108.203 | 192.168.2.23 | 0xd5e | Format error (1) | none | none | 256 | 485 | false | |
| Mar 3, 2025 23:19:17.704024076 CET | 51.158.108.203 | 192.168.2.23 | 0xd5e | Format error (1) | none | none | 256 | 485 | false | |
| Mar 3, 2025 23:19:17.721761942 CET | 51.158.108.203 | 192.168.2.23 | 0xd5e | Format error (1) | none | none | 256 | 485 | false | |
| Mar 3, 2025 23:19:39.435336113 CET | 194.36.144.87 | 192.168.2.23 | 0xd94 | No error (0) | 139.59.207.216 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:19:39.435336113 CET | 194.36.144.87 | 192.168.2.23 | 0xd94 | No error (0) | 46.101.69.129 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:19:39.435336113 CET | 194.36.144.87 | 192.168.2.23 | 0xd94 | No error (0) | 46.19.143.10 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:19:50.020605087 CET | 152.53.15.127 | 192.168.2.23 | 0x98d7 | Format error (1) | none | none | 256 | 262 | false | |
| Mar 3, 2025 23:19:50.040612936 CET | 152.53.15.127 | 192.168.2.23 | 0x98d7 | Format error (1) | none | none | 256 | 262 | false | |
| Mar 3, 2025 23:19:50.065536976 CET | 152.53.15.127 | 192.168.2.23 | 0x98d7 | Format error (1) | none | none | 256 | 262 | false | |
| Mar 3, 2025 23:19:50.090598106 CET | 152.53.15.127 | 192.168.2.23 | 0x98d7 | Format error (1) | none | none | 256 | 262 | false | |
| Mar 3, 2025 23:19:50.115504980 CET | 152.53.15.127 | 192.168.2.23 | 0x98d7 | Format error (1) | none | none | 256 | 262 | false | |
| Mar 3, 2025 23:20:00.767961979 CET | 185.181.61.24 | 192.168.2.23 | 0xf30c | No error (0) | 46.101.69.129 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:00.767961979 CET | 185.181.61.24 | 192.168.2.23 | 0xf30c | No error (0) | 139.59.207.216 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:00.767961979 CET | 185.181.61.24 | 192.168.2.23 | 0xf30c | No error (0) | 46.19.143.10 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:11.048926115 CET | 202.61.197.122 | 192.168.2.23 | 0xad38 | No error (0) | 46.101.69.129 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:11.048926115 CET | 202.61.197.122 | 192.168.2.23 | 0xad38 | No error (0) | 139.59.207.216 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:11.048926115 CET | 202.61.197.122 | 192.168.2.23 | 0xad38 | No error (0) | 46.19.143.10 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:21.714440107 CET | 194.36.144.87 | 192.168.2.23 | 0x73f2 | No error (0) | 46.101.69.129 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:21.714440107 CET | 194.36.144.87 | 192.168.2.23 | 0x73f2 | No error (0) | 46.19.143.10 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:21.714440107 CET | 194.36.144.87 | 192.168.2.23 | 0x73f2 | No error (0) | 139.59.207.216 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:32.347161055 CET | 81.169.136.222 | 192.168.2.23 | 0x7140 | No error (0) | 46.19.143.10 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:32.347161055 CET | 81.169.136.222 | 192.168.2.23 | 0x7140 | No error (0) | 46.101.69.129 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:32.347161055 CET | 81.169.136.222 | 192.168.2.23 | 0x7140 | No error (0) | 139.59.207.216 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:42.940675020 CET | 51.158.108.203 | 192.168.2.23 | 0xbb78 | Format error (1) | none | none | 256 | 314 | false | |
| Mar 3, 2025 23:20:42.957906961 CET | 51.158.108.203 | 192.168.2.23 | 0xbb78 | Format error (1) | none | none | 256 | 314 | false | |
| Mar 3, 2025 23:20:42.974833965 CET | 51.158.108.203 | 192.168.2.23 | 0xbb78 | Format error (1) | none | none | 256 | 314 | false | |
| Mar 3, 2025 23:20:42.991753101 CET | 51.158.108.203 | 192.168.2.23 | 0xbb78 | Format error (1) | none | none | 256 | 314 | false | |
| Mar 3, 2025 23:20:43.008297920 CET | 51.158.108.203 | 192.168.2.23 | 0xbb78 | Format error (1) | none | none | 256 | 315 | false | |
| Mar 3, 2025 23:20:53.599126101 CET | 202.61.197.122 | 192.168.2.23 | 0xcbed | No error (0) | 139.59.207.216 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:53.599126101 CET | 202.61.197.122 | 192.168.2.23 | 0xcbed | No error (0) | 46.19.143.10 | A (IP address) | IN (0x0001) | false | ||
| Mar 3, 2025 23:20:53.599126101 CET | 202.61.197.122 | 192.168.2.23 | 0xcbed | No error (0) | 46.101.69.129 | A (IP address) | IN (0x0001) | false |
System Behavior
| Start time (UTC): | 22:18:56 |
| Start date (UTC): | 03/03/2025 |
| Path: | /tmp/zerspc.elf |
| Arguments: | /tmp/zerspc.elf |
| File size: | 4379400 bytes |
| MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
| Start time (UTC): | 22:18:56 |
| Start date (UTC): | 03/03/2025 |
| Path: | /tmp/zerspc.elf |
| Arguments: | - |
| File size: | 4379400 bytes |
| MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |
| Start time (UTC): | 22:18:56 |
| Start date (UTC): | 03/03/2025 |
| Path: | /tmp/zerspc.elf |
| Arguments: | - |
| File size: | 4379400 bytes |
| MD5 hash: | 7dc1c0e23cd5e102bb12e5c29403410e |