To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
--
4 IPs are currently XBL listed; one was a Storm bot for one day?!? back in June.
The Chile IPs caught my attention. There are only 4 hosts with a PTR on the
subnet, but nothing else funny from the whois or the last 6 months of XBL.
[EMAIL PROTECTED] ~$ for i in `seq 2 7`; do host 200.83.4.$i; done
Host 2.4.83.200.in-addr.arpa not found: 3(NXDOMAIN)
3.4.83.200.in-addr.arpa domain name pointer thebe.reb.vtr.net.
4.4.83.200.in-addr.arpa domain name pointer phoebe.reb.vtr.net.
5.4.83.200.in-addr.arpa domain name pointer dione.reb.vtr.net.
6.4.83.200.in-addr.arpa domain name pointer rhea.reb.vtr.net.
Host 7.4.83.200.in-addr.arpa not found: 3(NXDOMAIN)
I also checked for the IPs in some photo album spam records from 4/2 ~ 6/15,
but no hits.
I would love to know what all this means together.
58.23.131.174|XIAMEN|FUJIAN|CHINA
64.59.139.153|WINNIPEG|MANITOBA|CANADA
% 64.59.139.153 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4
% 64.59.139.153 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5
65.98.103.12|RANCHO SANTA FE|CALIFORNIA|UNITED STATES|SAN DIEGO|CAS
66.122.198.87|WASHINGTON|DISTRICT OF COLUMBIA|UNITED STATES|DISTRICT OF COLUMBIA|DC
66.249.65.77|MOUNTAIN VIEW|CALIFORNIA|UNITED STATES|SANTA CLARA|CAN
69.231.139.157|LOS ANGELES|CALIFORNIA|UNITED STATES|LOS ANGELES|CAC
74.137.130.136|LOUISVILLE|KENTUCKY|UNITED STATES|JEFFERSON|KYW
81.177.22.221|MOSCOW|MOSKVA|RUSSIAN FEDERATION
85.255.120.66|KHARKIV|KHARKIVS'KA OBLAST'|UKRAINE
87.248.160.134|-|-|MOLDOVA, REPUBLIC OF
% 87.248.160.134 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5
91.122.13.234|MOSCOW|MOSKVA|RUSSIAN FEDERATION
pcomm: 2007-06-12
% 91.122.13.234 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4
200.21.244.142|PASTO|NARINO|COLOMBIA
200.83.4.4|SANTIAGO|REGION METROPOLITANA|CHILE
200.83.4.6|SANTIAGO|REGION METROPOLITANA|CHILE
201.45.206.20|RIO DE JANEIRO|RIO DE JANEIRO|BRAZIL
% 201.45.206.20 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4
216.241.182.210|DENVER|COLORADO|UNITED STATES|JEFFERSON|CO
218.104.180.228|-|-|CHINA
% 218.104.180.228 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4
% 218.104.180.228 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5
On Wed, Oct 03, 2007 at 10:14:36AM +0200, bodik wrote:
hello,
just a few IPs, I strongly believe they belong to some Russian botnet
which is used for blog spamming ... their activities result in DoS on
our server .. more than 250 000 comments ;)
is anyone from
netname: NETPLACE
descr: NETPLACE professional internet services
country: RU
listening here ? ;)
regards bodik
included IPs not just from netplace
___
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets