Anybody See This Before?

[bsmith2301 at gmail.com (Brice Smith)]

Anybody seen this before?  Appears that it might be malware connecting
out.  The structure is the same but seeing it on multiple machines.
Always different IP but the /idle, /open, /send are constant.

hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0    
hxxp://70.183.191.93/open/1     
hxxp://70.183.191.93/open/1     
hxxp://70.183.191.93/open/1     
hxxp://70.183.191.93/open/1     
hxxp://70.183.191.93/open/1     
hxxp://70.183.191.93/open/1     
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2    
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3    
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2    
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3    
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3    
hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4    
hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4