PushDo Checkin Traffic Update

I infected my computer with PushDo on Oct. 20, 2016, which you can read about HERE.

I ran the computer again today and re-collected some callback traffic (ET TROJAN Backdoor.Win32.Pushdo.s Checkin).

I’m adding this update because there were some new domains and IPs in the traffic. Below you will find an Excel sheet of the traffic as well as the text.

pushdo-checkin-traffic

