Malware Related > Malicious Domains

Compromised Russian Webserver Bruting my RDP


I get rdp bruted all the time, I just happened to notice my firewall blocking this one while working. Figured I would share it, nmapped the ip, port 80 was open, so I found the domain name.

Server Type    Status    ContentType
Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14    200 OK    text/html; charset=UTF-8

host -

From the IP address, you get the network and their IP range; -
Block the address range in the computer's Firewalll or on the enclave's perimeter Firewall.

I actually forgot to setup this router, were blocking ALL of Russian ip space actually.


[0] Message Index

Go to full version