PRTG
Some sort of wiki-attacking malware/bot is running on machines presenting to the interwebs as a PRTG Network Monitor. There are a number of these devices, presumably using a Windows exploit for access. They seem to be clustered in certain ranges of IPs, such as the following.
They seem to be on a persistent mission to sell Viagra and such boner pills, and they probably aren't even doctors!
Starting Nmap 6.00 ( http://nmap.org ) at 2016-12-18 06:58 EET
NSE: Loaded 17 scripts for scanning.
Initiating SYN Stealth Scan at 06:58
Scanning systemip.example.com (91.200.12.74) [100 ports]
Discovered open port 445/tcp on 91.200.12.74
Discovered open port 80/tcp on 91.200.12.74
Discovered open port 49154/tcp on 91.200.12.74
Discovered open port 135/tcp on 91.200.12.74
Discovered open port 3389/tcp on 91.200.12.74
Completed SYN Stealth Scan at 06:58, 2.09s elapsed (100 total ports)
Initiating Service scan at 06:58