Trump/Alfa Bank/Spectrum Health Communications

A conclusion to this mystery can’t be reached until we know what was inside the packets. If the logs are in BIND format and the IP address in parentheses is the destination of the query, then I find that communication highly unusual given that the destination server doesn’t appear to have been a DNS server. I actually think the Spectrum IP address is more suspicious than the Alfa IP address because the Spectrum machine also wasn’t a DNS server. A Google search will show it was used to post in various forums and access websites. Additionally, the Spectrum IP address was seen as a source in Wikipedia article edits. That most likely means it was a shared address and wasn’t necessarily a dedicated server. My speculation is it was either a NAT address for part of the corporate network or a NAT address for a visitor network.
