BEKv2 Gate Variant (q.php)

This variant is centered on large networks. These IP ranges have been malicious since at least September 2012 and should be blocked.

Currently affected networks: – – – –

HTTP Request Method = GET
Regex HTTP URI for “\/[a-f0-9]{16,32}\/q\.php”

hxxp://129.121. 126.40/3191945b9fd4baee19fe6d1a1f16341b/q.php
hxxp://129. 121.113.91/d3c25604f85a1ea4f1278802cd56ae67/q.php
hxxp://149.47.253. 180/5983387568aa76e343060cf644cef37a/q.php

See examples of BEKv2 q.php Gate Variant on


Comments are closed.