Resolved dq.proxylegitconnect.com to 89.248.172.174
Resolved bren.proxylegitconnect.com to 89.248.172.145

Servers: dq.proxylegitconnect.com, bren.proxylegitconnect.com
Port: 8800

Based on the port and subdomains, this is the same guy as this previous post.

Hosting info: http://whois.domaintools.com/89.248.172.174
Hosting info: http://whois.domaintools.com/89.248.172.175

193.107.19.151 (Reverse proxy malware hosted by 2x4.ru)
Server: 193.107.19.151
Bot connect port: 8898
Web login port: 2567
Server config: http://193.107.19.151/config.cfg

According to the errors on the index page, it's hosted on a Windows VPS.

Hosting info: http://whois.domaintools.com/193.107.19.151

oneproxifier.com (Reverse proxy malware hosted by ecatel.net)
Resolved w7bren.oneproxifier.com to 93.174.93.39, 89.248.174.42, 89.248.172.58, 93.174.93.204
Resolved extradq.oneproxifier.com to 94.102.49.207, 80.82.70.232

Here are two samples of what appears to be reverse proxy malware. It connects back to the indicated servers and maintains a connection, waiting to relay connections through the infected computer. It appears to use only Windows servers for the back connect software.