[nsp-sec] Questions about c&c 208.73.210.28
Chris Morrow
morrowc at ops-netman.net
Tue Aug 10 08:46:37 EDT 2010
On 08/10/10 08:04, Joel Rosenblatt wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> Is there any confirmation available that the c&c 208.73.210.28:80 is real?
oversee == domain-parker ... <100bytes sounds (to me) like syn's ?
if it's oversee and it's just a parked domain they don't want to answer
tcp/80 for, perhaps it's on a domain of a former C&C?
-chris
(which would probably still indicate infected hosts)
More information about the nsp-security
mailing list