
Friday, September 10, 2021

SIEM Rule - IP Lookup Service

 Malware IP lookup service #siem detection rule idea


dns request in:

 - canireachthe.net
 - ipv4.icanhazip.com
 - ip.anysrc.net
 - edns.ip-api.com
 - wtfismyip.com
 - checkip.dyndns.org
 - api.2ip.ua
 - icanhazip.com
 - api.ipify.org
 - ip-api.com
 - checkip.amazonaws.com
 - ipecho.net
 - ipinfo.io
 - ipv4bot.whatismyipaddress.com
 - freegeoip.app

imagename not in:

 - brave.exe
 - iexplore.exe
 - opera.exe
 - firefox.exe
 - msedge.exe
 - chrome.exe
 - vivaldi.exe