Recently I’m picking up connection attempt to r.sastts.com, rokuq.com and nusojog.com from a few of our workstation.
This addresses has been flagged as Botnet connection attempt by our DNS service provider.
I have ran Avast SmartScan and Full-scan on the workstation that is making the connection but Avast pickup nothing.
I suspected that this connection is made using js script while user are browsing using Chr0m3 browser.
Sorry we haven’t responded sooner. Did Avast ever detect this? If not, we’d need whatever that it is sending out these requests to add to our definitions (files, software, etc.)
Have you looked for any suspicious Google Chrome extensions?