Weird DNS Queries to a weird website is there a way to stop it ?

[SteeveMartinReeves]

Hi, i really need some help.

I have decided to do analyze my network traffic when i saw that two of my computer's makes some weird DNS queries to this url  zwyr157wwiu6eior.com

 

Here is the Output of my wireshark capture :

 

Frame 987: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}, id 0

Interface id: 0 (\Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A})

Interface name: \Device\NPF_{55FD0CF9-BC43-4272-B55B-C621B4C05F5A}

Interface description: Wi-Fi 3

Encapsulation type: Ethernet (1)

Arrival Time: Sep 17, 2020 07:24:35.762840000 Est (heure d’été)

[Time shift for this packet: 0.000000000 seconds]

Epoch Time: 1600341875.762840000 seconds

[Time delta from previous captured frame: 0.012426000 seconds]

[Time delta from previous displayed frame: 0.012426000 seconds]

[Time since reference or first frame: 107.454245000 seconds]

Frame Number: 987

Frame Length: 112 bytes (896 bits)

Capture Length: 112 bytes (896 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ethertype:ip:udp:dns]

[Coloring Rule Name: UDP]

[Coloring Rule String: udp]

Ethernet II, Src: ASUSTekC_71:0e:f0 (14:dd:a9:71:0e:f0), Dst: Cisco-Li_82:01:51 (48:f8:b3:82:01:51)

Destination: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden

Address: Cisco-Li_82:01:51 (00:00:00:00:00:00) <- Hidden

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Source: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden

Address: ASUSTekC_71:0e:f0 (00:00:00:00:00:00) <- Hidden

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Type: IPv4 (0x0800)

Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.30

0100 .... = Version: 4

.... 0101 = Header Length: 20 bytes (5)

Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)

0000 00.. = Differentiated Services Codepoint: Default (0)

.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)

Total Length: 98

Identification: 0x0000 (0)

Flags: 0x4000, Don't fragment

0... .... .... .... = Reserved bit: Not set

.1.. .... .... .... = Don't fragment: Set

..0. .... .... .... = More fragments: Not set

Fragment offset: 0

Time to live: 64

Protocol: UDP (17)

Header checksum: 0xb71b [validation disabled]

[Header checksum status: Unverified]

Source: 192.168.1.1

Destination: 192.168.1.30

User Datagram Protocol, Src Port: 53, Dst Port: 53104

Source Port: 53

Destination Port: 53104

Length: 78

Checksum: 0x61d7 [unverified]

[Checksum Status: Unverified]

[Stream index: 176]

[Timestamps]

Domain Name System (response)

Transaction ID: 0x0dc9

Flags: 0x8180 Standard query response, No error

Questions: 1

Answer RRs: 2

Authority RRs: 0

Additional RRs: 0

Queries

Answers

[Request In: 986]

[Time: 0.012426000 seconds]

 

Is there anyway to stop malicious DNS queries ?

Thanks for your time and your read :)

-Steeve Reeves

 

[kevinf80]

Hello SteeveMartinReeves and welcome to Malwarebytes,

The URL you quote gets a clean bill of health form VirusTotal, why do you believe there is an issue..?

https://www.virustotal.com/gui/url/84327de474055cb108cd2e5b1d2ee530387dcbcf9b5e07a1349c6eb37348784a/detection

Thank you,

Kevin

[kevinf80]

Further analysis on the resultant IP address also finds nothing wrong...

https://whois.domaintools.com/104.17.187.107

https://cleantalk.org/blacklists/104.17.187.107

[kevinf80]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you