{"timestamp":"2025-11-12T15:05:30.988741+0000","flow_id":587436875587999,"pcap_cnt":422,"event_type":"dns","src_ip":"10.3.10.8","src_port":59092,"dest_ip":"10.3.10.6","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"version":2,"type":"query","id":26714,"rrname":"DC011UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA.attackrange.local","rrtype":"A","tx_id":0,"opcode":0}}
{"timestamp":"2025-11-12T15:05:30.989059+0000","flow_id":587436875587999,"pcap_cnt":423,"event_type":"dns","src_ip":"10.3.10.8","src_port":59092,"dest_ip":"10.3.10.6","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"version":2,"type":"answer","id":26714,"flags":"8580","qr":true,"aa":true,"rd":true,"ra":true,"opcode":0,"rrname":"DC011UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA.attackrange.local","rrtype":"A","rcode":"NOERROR","answers":[{"rrname":"DC011UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA.attackrange.local","rrtype":"A","ttl":180,"rdata":"10.3.10.8"}],"grouped":{"A":["10.3.10.8"]}}}
{"timestamp":"2025-11-12T15:05:30.989230+0000","flow_id":589535900675259,"pcap_cnt":424,"event_type":"dns","src_ip":"10.3.10.8","src_port":50331,"dest_ip":"10.3.10.6","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"version":2,"type":"query","id":38435,"rrname":"DC011UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA.attackrange.local","rrtype":"AAAA","tx_id":0,"opcode":0}}
{"timestamp":"2025-11-12T15:05:30.989376+0000","flow_id":589535900675259,"pcap_cnt":425,"event_type":"dns","src_ip":"10.3.10.8","src_port":50331,"dest_ip":"10.3.10.6","dest_port":53,"proto":"UDP","pkt_src":"wire/pcap","dns":{"version":2,"type":"answer","id":38435,"flags":"8580","qr":true,"aa":true,"rd":true,"ra":true,"opcode":0,"rrname":"DC011UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA.attackrange.local","rrtype":"AAAA","rcode":"NOERROR","authorities":[{"rrname":"attackrange.local","rrtype":"SOA","ttl":3600,"soa":{"mname":"dc01.attackrange.local","rname":"hostmaster.attackrange.local","serial":67,"refresh":900,"retry":600,"expire":86400,"minimum":3600}}]}}