To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- 4 ips are currently XBL listed, one was a Storm bot for one day?!? back in June. The Chile IPs caught my attention. There's only 4 hosts with a PTR on the subnet, but nothing else funny from the whois or the last 6 months of XBL. [EMAIL PROTECTED] ~$ for i in `seq 2 7`; do host 200.83.4.$i; done Host 2.4.83.200.in-addr.arpa not found: 3(NXDOMAIN) 3.4.83.200.in-addr.arpa domain name pointer thebe.reb.vtr.net. 4.4.83.200.in-addr.arpa domain name pointer phoebe.reb.vtr.net. 5.4.83.200.in-addr.arpa domain name pointer dione.reb.vtr.net. 6.4.83.200.in-addr.arpa domain name pointer rhea.reb.vtr.net. Host 7.4.83.200.in-addr.arpa not found: 3(NXDOMAIN)
I also checked for the IPs in some photo album spam records from 4/2 ~ 6/15, but no hits. I would love to know what all this means together. 58.23.131.174|XIAMEN|FUJIAN|CHINA 64.59.139.153|WINNIPEG|MANITOBA|CANADA % 64.59.139.153 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4 = % 64.59.139.153 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5 = 65.98.103.12|RANCHO SANTA FE|CALIFORNIA|UNITED STATES|SAN DIEGO|CAS 66.122.198.87|WASHINGTON|DISTRICT OF COLUMBIA|UNITED STATES|DISTRICT OF COLUMBIA|DC 66.249.65.77|MOUNTAIN VIEW|CALIFORNIA|UNITED STATES|SANTA CLARA|CAN 69.231.139.157|LOS ANGELES|CALIFORNIA|UNITED STATES|LOS ANGELES|CAC 74.137.130.136|LOUISVILLE|KENTUCKY|UNITED STATES|JEFFERSON|KYW 81.177.22.221|MOSCOW|MOSKVA|RUSSIAN FEDERATION 85.255.120.66|KHARKIV|KHARKIVS'KA OBLAST'|UKRAINE 87.248.160.134|-|-|MOLDOVA, REPUBLIC OF % 87.248.160.134 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5 = 91.122.13.234|MOSCOW|MOSKVA|RUSSIAN FEDERATION pcomm: 2007-06-12 % 91.122.13.234 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4 = 200.21.244.142|PASTO|NARINO|COLOMBIA 200.83.4.4|SANTIAGO|REGION METROPOLITANA|CHILE 200.83.4.6|SANTIAGO|REGION METROPOLITANA|CHILE 201.45.206.20|RIO DE JANEIRO|RIO DE JANEIRO|BRAZIL % 201.45.206.20 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4 = 216.241.182.210|DENVER|COLORADO|UNITED STATES|JEFFERSON|CO 218.104.180.228|-|-|CHINA % 218.104.180.228 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.4 = % 218.104.180.228 2007-10-01 00:08:00 xbl.spamhaus.org 127.0.0.5 = On Wed, Oct 03, 2007 at 10:14:36AM +0200, bodik wrote: >To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >---------- >hello, > >just a few IPs, i strongly belives they belong to some russian botnet >which is used to blog spamming ... their activities results in DoS on >ouu server .. more than 250 000 comments ;) > >is anyone from > >netname: NETPLACE >descr: NETPLACE professional internet services >country: RU > >listening here ? ;) > >regars bodik > > >included ips not just from netplace >-------------CUT------------- >81.177.22.221 >58.23.131.174 >81.177.22.221 >201.45.206.20 >81.177.22.221 >69.231.139.157 >81.177.22.221 >200.21.244.142 >216.241.182.210 >200.83.4.4 >81.177.22.221 >91.122.13.234 >81.177.22.221 >64.59.139.153 >85.255.120.66 >81.177.22.221 >91.122.13.234 >81.177.22.221 >81.177.22.221 >66.249.65.77 >65.98.103.12 >65.98.103.12 >200.83.4.6 >81.177.22.221 >65.98.103.12 >81.177.22.221 >81.177.22.221 >66.122.198.87 >81.177.22.221 >81.177.22.221 >218.104.180.228 >65.98.103.12 >58.23.131.174 >74.137.130.136 >81.177.22.221 >65.98.103.12 >87.248.160.134 >87.248.160.134 >81.177.22.221 > >_______________________________________________ >To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >All list and server information are public and available to law enforcement >upon request. >http://www.whitestar.linuxbox.org/mailman/listinfo/botnets _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
