[nsp-sec] Questions about c&c 208.73.210.28
Carol Overes
Carol.Overes at du.ae
Tue Aug 10 09:28:54 EDT 2010
> if it's oversee and it's just a parked domain they don't want to answer
> tcp/80 for, perhaps it's on a domain of a former C&C?
According to Zeus tracker the domain romanticdateonline.com is related
to 208.73.210.28:
https://zeustracker.abuse.ch/monitor.php?ipaddress=208.73.210.28
The domain registry was changed on 1 August 2010 and now belongs to
Oversee.
We also noticed a connection to 208.73.210.28:80 this week. But the
connection was dropped and there was no infection found on the host.
And today we noticed a DNS query to 208.73.210.28. But as far as I can
see there is no DNS service running on this host. Unfortunately I wasn't
able to capture the DNS query.
Regards,
Carol
Carol Overes
Incident Handling and Threat Analyst
Technology
Emirates Integrated Telecommunications Company, PJSC
P.O. Box 502666, Dubai, U.A.E.
http://www.du.ae/