oneproxifier.com (Reverse proxy malware hosted by ecatel.net)

Resolved w7bren.oneproxifier.com to 93.174.93.39, 89.248.174.42, 89.248.172.58, 93.174.93.204
Resolved extradq.oneproxifier.com to 94.102.49.207, 80.82.70.232

Here are two samples of what appears to be reverse proxy malware. It connects back to the indicated servers and keeps the connection open, waiting to relay connections through the infected computer. It appears to use only Windows servers for the back-connect software.

Server: w7bren.oneproxifier.com
Port: 8800

Server: extradq.oneproxifier.com
Port: 8800

Samples are located here.
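A triage sketch for the indicators listed above, added here as an example and not part of the original post: it flags internal hosts that looked up a oneproxifier.com name or opened a connection to one of the resolved addresses on port 8800, and marks connections that were held open. The record format, the `MIN_HELD_SECONDS` threshold and the sample records are assumptions constructed for illustration.

```python
import csv
import io

# Indicators taken from the post above.
C2_DOMAIN_SUFFIX = "oneproxifier.com"
C2_PORT = 8800
C2_IPS = {"93.174.93.39", "89.248.174.42", "89.248.172.58", "93.174.93.204",
          "94.102.49.207", "80.82.70.232"}

# Assumption: a session open at least this long counts as "maintained".
MIN_HELD_SECONDS = 600

# Constructed sample records (not real telemetry). Assumed format:
# type,src_host,name_or_dst_ip,dst_port,duration_seconds
SAMPLE_LOG = """\
dns,10.0.0.5,w7bren.oneproxifier.com,,
flow,10.0.0.5,93.174.93.39,8800,7200
flow,10.0.0.7,93.174.93.39,443,12
flow,10.0.0.8,198.51.100.20,8800,3
dns,10.0.0.9,notoneproxifier.com,,
flow,10.0.0.9,80.82.70.232,8800,30
"""

def is_c2_name(name):
    """Match the domain or any subdomain, on a label boundary only."""
    name = name.rstrip(".").lower()
    return name == C2_DOMAIN_SUFFIX or name.endswith("." + C2_DOMAIN_SUFFIX)

def triage(log_text):
    """Return {src_host: sorted reasons} for hosts matching the indicators."""
    hits = {}
    for rec in csv.reader(io.StringIO(log_text)):
        if len(rec) != 5:
            continue  # skip malformed or blank rows
        kind, src, target, port, duration = rec
        if kind == "dns" and is_c2_name(target):
            hits.setdefault(src, set()).add("dns-lookup")
        elif kind == "flow" and target in C2_IPS and port == str(C2_PORT):
            reasons = hits.setdefault(src, set())
            reasons.add("c2-flow")
            # The post describes a connection that is kept open awaiting relays.
            if duration.isdigit() and int(duration) >= MIN_HELD_SECONDS:
                reasons.add("held-open")
    return {host: sorted(r) for host, r in hits.items()}

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_LOG).items():
        print(host, ", ".join(reasons))
```

A host carrying all three reasons matches the behaviour described in the post most closely; a bare `c2-flow` hit still warrants a look because the addresses may have been reassigned since the names were resolved.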
