Malware Related > Malicious Domains

Compromised Russian Webserver Bruting my RDP

(1/1)

BenENichols:
I get rdp bruted all the time, I just happened to notice my firewall blocking this one while working. Figured I would share it, nmapped the ip, port 80 was open, so I found the domain name.

Server Type    Status    ContentType
Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14    200 OK    text/html; charset=UTF-8

host - 188x134x1x20.static-business.iz.ertelecom.ru

http://bazamaria.ru/

http://188.134.1.20/

dlipman:
From the IP address, you get the network and their IP range; 188.134.0.0 - 188.134.63.255.
Block the address range in the computer's Firewalll or on the enclave's perimeter Firewall.

BenENichols:
I actually forgot to setup this router, were blocking ALL of Russian ip space actually.

Navigation

[0] Message Index

Go to full version