Suspicious Urls: Upatre, noizeradio.gr , 31.43.236.251

1. Suspicious Urls
2. Reported by neonprimetime security
3. http://neonprimetime.blogspot.com
4.  
5. ****
6.  
7. Snort rule triggered, Mazilla/5.0 - Win.Backdoor.Upatre (1:33207)
8.  
9. ****
10.  
11. GET http://checkip.dyndns.org/ HTTP/1.1
12. Accept: text/*, application/*
13. User-Agent: Mazilla/5.0
14. Host: checkip.dyndns.org
15. Pragma: no-cache
16. Proxy-Connection: Keep-Alive
17. Cookie: BCSI-CS-77e191ded1bdeae1=2
18. Proxy-Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
19.  
20. NTLMSSP.................................
21.  
22. ****
23.  
24. Payloads to follow
25.  
26. 31.43.236.251
27. http://31.43.236.251:14024/1802us11/WORKSTATIONNAME/0/61-SPM/0/EMLBEMDBFGEBEI
28. 5.172.196.207
29. http://noizeradio.gr/mandoc/sw_doca.pdf