Re: [botnets] blog spammer
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
--
You can use the Google translate service to proxy an HTTP request -
hence the IP recorded will belong to Google. Without the apache logs
for this entry I wouldn't like to speculate further.

cheers,
 Jamie

On 03/10/2007, J. Oquendo <[EMAIL PROTECTED]> wrote:
> bodik wrote:
>
> > 64.59.139.153
>
> That's quite interesting. If this indeed is say an infected Google
> server, I wonder if someone has found a way to infect users via say
> Google's adsense. That would be scary.

--
Jamie Riden / [EMAIL PROTECTED] / [EMAIL PROTECTED]
UK Honeynet Project: http://www.ukhoneynet.org/
___
All list and server information are public and available to law
enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Re: [botnets] blog spammer
bodik wrote:
> 64.59.139.153

That's quite interesting. If this indeed is say an infected Google
server, I wonder if someone has found a way to infect users via say
Google's adsense. That would be scary.

[Querying whois.arin.net]
[whois.arin.net]

OrgName:    Google Inc.
OrgID:      GOGL
Address:    1600 Amphitheatre Parkway
City:       Mountain View
StateProv:  CA
PostalCode: 94043
Country:    US

NetRange:   66.249.64.0 - 66.249.95.255
CIDR:       66.249.64.0/19

[EMAIL PROTECTED] trackback]# HEAD 64.59.139.153
400 Bad Request
Cache-Control: no-cache
Connection: close
Pragma: no-cache
Content-Length: 691
Content-Type: text/html; charset=utf-8
Client-Date: Wed, 03 Oct 2007 12:17:23 GMT
Client-Peer: 64.59.139.153:80
Client-Response-Num: 1
Proxy-Connection: close

[EMAIL PROTECTED] trackback]# GET 64.59.139.153
Request Error
Request Error (invalid_request)
Your request could not be processed. Request could not be handled
This could be caused by a misconfiguration, or possibly a malformed
request.
For assistance, contact your network support team.

--
J. Oquendo
"Excusatio non petita, accusatio manifesta"
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net

Re: [botnets] blog spammer
4 ips are currently XBL listed, one was a Storm bot for one day?!? back
in June. The Chile IPs caught my attention. There's only 4 hosts with a
PTR on the subnet, but nothing else funny from the whois or the last 6
months of XBL.

[EMAIL PROTECTED] ~$ for i in `seq 2 7`; do host 200.83.4.$i; done
Host 2.4.83.200.in-addr.arpa not found: 3(NXDOMAIN)
3.4.83.200.in-addr.arpa domain name pointer thebe.reb.vtr.net.
4.4.83.200.in-addr.arpa domain name pointer phoebe.reb.vtr.net.
5.4.83.200.in-addr.arpa domain name pointer dione.reb.vtr.net.
6.4.83.200.in-addr.arpa domain name pointer rhea.reb.vtr.net.
Host 7.4.83.200.in-addr.arpa not found: 3(NXDOMAIN)

I also checked for the IPs in some photo album spam records from 4/2 ~
6/15, but no hits. I would love to know what all this means together.

58.23.131.174|XIAMEN|FUJIAN|CHINA
64.59.139.153|WINNIPEG|MANITOBA|CANADA
% 64.59.139.153 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4 =
% 64.59.139.153 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5 =
65.98.103.12|RANCHO SANTA FE|CALIFORNIA|UNITED STATES|SAN DIEGO|CAS
66.122.198.87|WASHINGTON|DISTRICT OF COLUMBIA|UNITED STATES|DISTRICT OF COLUMBIA|DC
66.249.65.77|MOUNTAIN VIEW|CALIFORNIA|UNITED STATES|SANTA CLARA|CAN
69.231.139.157|LOS ANGELES|CALIFORNIA|UNITED STATES|LOS ANGELES|CAC
74.137.130.136|LOUISVILLE|KENTUCKY|UNITED STATES|JEFFERSON|KYW
81.177.22.221|MOSCOW|MOSKVA|RUSSIAN FEDERATION
85.255.120.66|KHARKIV|KHARKIVS'KA OBLAST'|UKRAINE
87.248.160.134|-|-|MOLDOVA, REPUBLIC OF
% 87.248.160.134 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5 =
91.122.13.234|MOSCOW|MOSKVA|RUSSIAN FEDERATION
pcomm: 2007-06-12
% 91.122.13.234 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4 =
200.21.244.142|PASTO|NARINO|COLOMBIA
200.83.4.4|SANTIAGO|REGION METROPOLITANA|CHILE
200.83.4.6|SANTIAGO|REGION METROPOLITANA|CHILE
201.45.206.20|RIO DE JANEIRO|RIO DE JANEIRO|BRAZIL
% 201.45.206.20 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4 =
216.241.182.210|DENVER|COLORADO|UNITED STATES|JEFFERSON|CO
218.104.180.228|-|-|CHINA
% 218.104.180.228 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4 =
% 218.104.180.228 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5 =

On Wed, Oct 03, 2007 at 10:14:36AM +0200, bodik wrote:
>hello,
>
>just a few IPs, I strongly believe they belong to some Russian botnet
>which is used for blog spamming ... their activities result in DoS on
>our server .. more than 250 000 comments ;)
>
>is anyone from
>
>netname:NETPLACE
>descr: NETPLACE professional internet services
>country:RU
>
>listening here ? ;)
>
>regards bodik
>
>
>included ips not just from netplace
>-CUT-

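Added example, not part of any list member's post: one way to reproduce the triage done in the message above (rank source IPs by volume, look each one up in xbl.spamhaus.org, and test it against the CIDR from the quoted whois output). The function names, the injectable resolver and the sample hit list (built from addresses discussed in the thread) are assumptions made for this illustration.

```python
import ipaddress
import socket
from collections import Counter

# Constructed sample: source IPs as they might repeat in a comment-spam log.
SAMPLE_HITS = ["81.177.22.221", "58.23.131.174", "81.177.22.221",
               "66.249.65.77", "64.59.139.153", "81.177.22.221"]

# CIDR copied from the whois output quoted in the thread.
QUOTED_WHOIS_CIDR = ipaddress.ip_network("66.249.64.0/19")


def dnsbl_name(ip, zone="xbl.spamhaus.org"):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] if it does not resolve (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def classify(answers):
    """Separate real listing codes from Spamhaus error answers (127.255.255.x)."""
    errors = [a for a in answers if a.startswith("127.255.255.")]
    codes = sorted(a for a in answers if a.startswith("127.") and a not in errors)
    if errors:
        # Returned when the query is refused, e.g. sent via a public resolver;
        # it must not be read as "listed".
        return ("error", errors)
    return ("listed", codes) if codes else ("clean", [])


def triage(hits, resolve=system_resolver):
    """Rank source IPs by hit count; attach DNSBL status and CIDR membership."""
    report = []
    for ip, count in Counter(hits).most_common():
        status, codes = classify(resolve(dnsbl_name(ip)))
        in_range = ipaddress.ip_address(ip) in QUOTED_WHOIS_CIDR
        report.append({"ip": ip, "hits": count, "dnsbl": status,
                       "codes": codes, "in_quoted_cidr": in_range})
    return report
```
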
[botnets] blog spammer
hello,

just a few IPs, I strongly believe they belong to some Russian botnet
which is used for blog spamming ... their activities result in DoS on
our server .. more than 250 000 comments ;)

is anyone from

netname:NETPLACE
descr: NETPLACE professional internet services
country:RU

listening here ? ;)

regards bodik


included ips not just from netplace
-CUT-