We have 2 Windows 2016 Servers, and on both we found that our apps, which run on IIS, started to show suspicious behavior, e.g. they started to time out, slow down, etc.

After doing more research we found that some processes make requests to the same domain; those requests use most of the bandwidth and they never go off (as you would expect).

Here are screenshots:

Server 1: https://gyazo.com/8bd433b2a2e6e3091885f9bf095ce0be

Server 2: https://gyazo.com/6a18d04d836adafc6952be212413eb16

Any idea how to resolve that?

1 Answer

Since looking up the domain didn't show any interesting results, in order to investigate the activity you need to download and install Wireshark.

Use it to sniff your hosts (install it on them, of course) and then submit the traffic samples of the HTTP activity of yhfund.dadcaptive.co.uk to the answer.

Ori a
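A host-side triage that complements the packet capture suggested in the answer, as an added example that is not part of the original post: it resolves the domain named above, finds TCP connections to those addresses, and reports the owning process, its parent, command line and signature status. It assumes an elevated PowerShell session on the affected server; the variable names are illustrative.

```powershell
# Added example: map connections to the suspicious domain back to processes.
# Run in an elevated PowerShell session on the affected Windows Server 2016 host.
$Domain = 'yhfund.dadcaptive.co.uk'   # domain named in the answer

# Current A/AAAA records for the domain (empty if it no longer resolves).
$ips = @(Resolve-DnsName -Name $Domain -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress } |
    Select-Object -ExpandProperty IPAddress -Unique)

# The local DNS client cache may still hold addresses the host resolved earlier.
$ips += @(Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -eq $Domain -and ($_.Data -as [ipaddress]) } |
    Select-Object -ExpandProperty Data)
$ips = @($ips | Sort-Object -Unique)

if (-not $ips) { Write-Warning "No addresses found for $Domain"; return }

# Index processes once so each connection can be joined to its process details.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

$report = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $ips -contains $_.RemoteAddress } |
    ForEach-Object {
        $p      = $procs[[int]$_.OwningProcess]
        $parent = if ($p) { $procs[[int]$p.ParentProcessId] }
        # Unsigned or invalidly signed binaries deserve a closer look.
        $sig    = if ($p -and $p.ExecutablePath) {
            (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
        }
        [pscustomobject]@{
            Remote      = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            State       = $_.State
            PID         = $_.OwningProcess
            Process     = $p.Name
            Path        = $p.ExecutablePath
            Parent      = $parent.Name
            Signature   = $sig
            # For w3wp.exe the command line carries -ap "<application pool name>".
            CommandLine = $p.CommandLine
        }
    }

$report | Sort-Object PID, Remote | Format-List
```

The PIDs and paths it reports can be used to narrow a Wireshark capture to the relevant remote addresses and to decide which binaries or application pools to examine first.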