Bernardo, Do you have access to this machine, either physically or remotely (as an admin)? If so, have you pulled any data from the system to see what's going on?
--- Bernardo Santos Wernesback <[EMAIL PROTECTED]> wrote: > Hi everyone, > > Has anyone seen a lot of HTTP activity to a certain > site: > http://www.fotosgratis.pop.com.br ? > > One of our clients has several machines making tons > of requests for TXT > files on that server: > > botao.txt > mswinsck.txt > ita01.txt > caixa01.txt > teclado07.txt > caixa01.txt > caixa02.txt > caixa03.txt > caixa04.txt > caixa05.txt > > Thanks for any info., > > _____________________________________________________ > > Bernardo Santos Wernesback > > > > ESSE,ESS,SCSE,CCNA/DA, > > CCSA,CQS,MCP > > > > Consultant / ISH Tecnologia > > > > Phone: +55-27-3334-8900 > > Mobile: +55-27-8111-0884 > > Email: [EMAIL PROTECTED] > > PGP Fingerprint: > 6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43 > 95F5 > > > ===== ------------------------------------------------------------------------ Harlan Carvey, CISSP "Windows Forensics and Incident Recovery" http://www.windows-ir.com http://groups.yahoo.com/group/windowsir/ ------------------------------------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html