[dns-operations] Botnets, botnets everywhere

Sam Norris Sam at MrNorris.com
Thu Sep 11 16:02:50 UTC 2014

Previous message (by thread): [dns-operations] Botnets, botnets everywhere
Next message (by thread): [dns-operations] Botnets, botnets everywhere
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 16:11:41.450794 IP 217.195.66.253.37426 > 62.76.76.62.53: 42580+ A?
> swfjwvtkhqx.www.feile8888.com. (47)
> 16:11:41.450796 IP 91.209.124.75.50584 > 62.76.76.62.53: 37269+ [1au]
> A? izhsccxedub.www.feile666.com. (57)
>

Probably some type of obfuscated C&C communication or way for a botnet owner to
regain control once its shut down.

Previous message (by thread): [dns-operations] Botnets, botnets everywhere
Next message (by thread): [dns-operations] Botnets, botnets everywhere
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dns-operations mailing list