Re: [botnets] Infection in progress
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
--
Quoting John Holan [EMAIL PROTECTED]:

07-16-2007 10:23:15 ;208.67.65.11:/imp?z=0Z=0x0s=108276u=http%3A%2F%2Fisdnaccess.com%2Fr =0y=28
07-16-2007 10:23:16 ;208.67.65.11:/imp?z=0Z=0x0s=108276u=http%3A%2F%2Fisdnaccess.com%2Fr =0y=28
07-16-2007 10:23:16 ;208.67.65.11:/iframe3?APSmAQBeNQYAsDwCAAIAAP8CCwICAAL7uAEAm 4wDAACASZD-AEAAg HrwUgxAG 56lOxSc5AKe4SUZXli3tEsci9A6we-iqjLlr
07-16-2007 10:23:16 ;208.67.65.11:/iframe3?APSmAQBeNQYAsDwCAAIAAP8CCwICAAL7uAEAm 4wDAACASZD-AEAAg HrwUgxAG 56lOxSc5AKe4SUZXli3tEsci9A6we-iqjLlr

the address 208.67.65.11 does correspond to ad.yieldmanager.com

b

- Email solutions, MS Exchange alternatives and extrication, security services, systems integration. Contact:[EMAIL PROTECTED]
___
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

[botnets] Infection in progress
Hi

This is an extract from a monitoring log
The Time Zone is CET -9
I do have the executables, delivered to Virustotal.com

07-13-2007 14:58:55 ;85.17.168.140:/svhost/main.php?status=mainstring
07-13-2007 14:58:56 ;85.17.168.140:/main.php?status=mainstring
07-13-2007 14:59:08 ;85.17.168.140:/svhost/main.php?status=iframes
07-13-2007 14:59:08 ;80.237.211.63:/as_noscript.php?name=poolinstok
07-13-2007 14:59:09;85.17.168.140:/svhost/stats.php
07-13-2007 14:59:23;85.17.168.140:/install/wr-1-077.exe
07-13-2007 14:59:31;194.90.224.86:/retadpu.exe
07-13-2007 14:59:32;194.90.224.86:/retadpu.exe?c74c45f8
07-13-2007 14:59:32;194.90.224.86:/retadpu.exe
07-13-2007 15:03:29 ;82.98.235.70:/443?sid=2D545A5A4F1F545B365C36593651505A363A0C1B1F000A0C4 939080A02495D4F0A000D54285A2A585D585C2F28282D595D585C5A285C2B5F2D5C5A515 E5C505D5B5F5D2D4F081D542F5E5E5F285C2A2A5A58512D58582D2A515F592C2F5F5E5A5 1502F2F2F2F2F2F4F131854584F1D1954594F080
07-13-2007 15:07:30 ;194.126.193.157:/browser.php?a=143851525b=5c874145b8f9d9c82980c3baf610 c6ba90982d8256f158b94a3f274540ce72dcc=5003d=0e=--f=0g=30h=0i=0j= 242340
07-13-2007 15:08:20 ;194.126.193.155:/nrjs/chk/2b1f7329e27dc7a57219f1db7e770aa9cb0c33ef0c686 bd877a515291a5a6d00
07-13-2007 15:08:20 ;194.126.193.155:/nrjs/chk/2b1f7329e27dc7a57219f1db7e770aa9cb0c33ef0c686 bd877a515291a5a6d00
07-13-2007 15:08:20;207.68.183.32:/
07-13-2007 15:08:20;69.20.25.92:/GetAd/tekID58.ini
07-13-2007 15:08:20;69.20.25.92:/uttc/udata2.txt
07-13-2007 15:08:20 ;8.255.51.252:/br/hp/en-us/css/26/override.css
07-13-2007 15:08:20 ;8.255.51.252:/br/hp/en-us/css/20/ushp.css
07-13-2007 15:08:20;8.255.49.252:/br/hp/en-us/js/18/hptg.js
07-13-2007 15:08:21;69.20.25.92:/ax/tk58.exe
07-13-2007 15:08:24;193.189.93.14:/tmc/to.php?id=VSLYL
07-13-2007 15:08:24;69.20.25.92:/GetAd/tekID58.ini
07-13-2007 15:08:24;8.255.50.252:/library/dap.js

John

[botnets] Infection in progress
Hi

Here comes another one (CET -9)

===
07-16-2007 10:23:15 ;208.67.65.11:/imp?z=0Z=0x0s=108276u=http%3A%2F%2Fisdnaccess.com%2Fr =0y=28
07-16-2007 10:23:16 ;208.67.65.11:/imp?z=0Z=0x0s=108276u=http%3A%2F%2Fisdnaccess.com%2Fr =0y=28
07-16-2007 10:23:16 ;208.67.65.11:/iframe3?APSmAQBeNQYAsDwCAAIAAP8CCwICAAL7uAEAm 4wDAACASZD-AEAAg HrwUgxAG 56lOxSc5AKe4SUZXli3tEsci9A6we-iqjLlr
07-16-2007 10:23:16 ;208.67.65.11:/iframe3?APSmAQBeNQYAsDwCAAIAAP8CCwICAAL7uAEAm 4wDAACASZD-AEAAg HrwUgxAG 56lOxSc5AKe4SUZXli3tEsci9A6we-iqjLlr
===

Anybody translate?

John