[nsp-sec] Questions about c&c 208.73.210.28
Tom Fischer
tfischer at bfk.de
Tue Aug 10 09:05:29 EDT 2010
Hi,
On Tue, Aug 10, 2010 at 08:04:17AM -0400, Joel Rosenblatt wrote:
> Is there any confirmation available that the c&c 208.73.210.28:80 is real?
looks like parked domain monetization with a bunch of domains used to
host malware or to c&c infected systems ...
e.g.
md5                              communication
b22b0d05b5f8f644c13ab3d7e3e60287 http://www.om7890.com/mf3/help.exe
b9de0ec8e416c372eab1e1452102482a http://l.2010wyt.com/bak.txt
347b35192e921ee41139db39055b996b IRC bot that connects to www.genesisstore.sk TCP/80, ...
ed5d27a2d0c3ea9030acb9ea1e361f51 http://rscserv.com/service/index.php
[...]
--
Tom Fischer
BFK edv-consulting GmbH tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99