[nsp-sec] Anyone recognise these hostnames?
Scott A. McIntyre
scott at howyagoin.net
Thu Jun 28 04:15:25 EDT 2012
Hi all,
Got a bit of a puzzle on my hands - anyone recognise any of these, either by name or pattern?
11tfawe.cdn98.hostingbestupload.com
11tfbnk.cdn35.uploadservicecompany8.com
11tfe1e.cdn98.hostingbestupload.com
11tfakh.cdn98.hostingbestupload.com
11td78k.cdn68.bestfreeupload.com
The closest I've come to pinning it down is:
http://vms.drweb.com/virus/?i=1882830
http://vms.drweb.com/virus/?i=1885623
http://vms.drweb.com/virus/?i=1882936
So could just be some generic Downloader - but I've got a bunch of hosts spiking on activity, with many hundreds of queries per minute at the moment.
Any extra intel appreciated.
Thanks!
Scott A. McIntyre
Security Operations
Telstra Australia
More information about the nsp-security
mailing list