To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hello
There is a bad echnaton trying to send spam and malware:
~> natnum echnaton.servefpt.com
host_look("66.45.252.236","echnaton.servefpt.com","1110310124").
host_look("66.45.252.237","echnaton.servefpt.com","1110310125").
Here is my real echnaton:
~> natnum echnaton.serveftp.com
host_look("62.227.205.19","echnaton.serveftp.com","1055116563").
host_name("62.227.205.19","p3EE3CD13.dip.t-dialin.net").
Spam that was sent looks as if it came from me and I got the bounces.
I guess they intend more than sending spam.
Whatever they are doing - it looks nasty to me:
; <<>> DiG 9.4.0b4 <<>> -t any echnaton.servefpt.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50443
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;echnaton.servefpt.com. IN ANY
;; ANSWER SECTION:
echnaton.servefpt.com. 1916 IN A 66.45.252.236
echnaton.servefpt.com. 1916 IN A 66.45.252.237
;; AUTHORITY SECTION:
servefpt.com. 171116 IN NS ns1.smartdamain.com.
servefpt.com. 171116 IN NS ns2.smartdamain.com.
servefpt.com. 171116 IN NS ns3.smartdamain.com.
;; Query time: 27 msec
;; SERVER: 192.168.48.227#53(192.168.48.227)
;; WHEN: Sun Dec 2 11:10:54 2007
;; MSG SIZE rcvd: 137
; <<>> DiG 9.4.0b4 <<>> -t any echnaton.servefpt.com @ns1.smartdamain.com.
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43216
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;echnaton.servefpt.com. IN ANY
;; ANSWER SECTION:
echnaton.servefpt.com. 3600 IN A 66.45.254.244
echnaton.servefpt.com. 3600 IN A 66.45.252.237
;; AUTHORITY SECTION:
. 259200 IN NS ns.
;; Query time: 215 msec
;; SERVER: 201.218.252.69#53(201.218.252.69)
;; WHEN: Sun Dec 2 11:11:08 2007
;; MSG SIZE rcvd: 86
; <<>> DiG 9.4.0b4 <<>> -t any . @ns1.smartdamain.com.
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41544
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;. IN ANY
;; ANSWER SECTION:
. 2560 IN SOA ns. hostmaster. 1194673253 16384 2048 1048576 2560
. 259200 IN NS ns.
;; Query time: 131 msec
;; SERVER: 64.20.49.218#53(64.20.49.218)
;; WHEN: Sun Dec 2 11:14:32 2007
;; MSG SIZE rcvd: 77
Kind regards
Peter and Karin Dambier
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
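Added example, not part of the original post: Python that parses dig text output like the responses quoted above and reports two things visible in them, the A records differing between the caching resolver and ns1.smartdamain.com, and the authoritative reply naming the root zone in its authority section. The function names are this example's own; the sample text is copied from the record lines in the post. A differing A set alone can be ordinary record rotation, so treat the findings as leads to check, not verdicts.

```python
import re

# Record lines copied from the dig output in the post (resolver vs. authoritative).
RESOLVER = """\
;; ANSWER SECTION:
echnaton.servefpt.com. 1916 IN A 66.45.252.236
echnaton.servefpt.com. 1916 IN A 66.45.252.237
;; AUTHORITY SECTION:
servefpt.com. 171116 IN NS ns1.smartdamain.com.
"""
AUTHORITATIVE = """\
;; ANSWER SECTION:
echnaton.servefpt.com. 3600 IN A 66.45.254.244
echnaton.servefpt.com. 3600 IN A 66.45.252.237
;; AUTHORITY SECTION:
. 259200 IN NS ns.
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_dig(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig text output."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^;; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and not line.startswith(";") and (rr := RR.match(line)):
            sections[current].append((rr[1], int(rr[2]), rr[3], rr[4].strip()))
    return sections

def a_records(sections):
    return {r[3] for r in sections.get("ANSWER", []) if r[2] == "A"}

def findings(cached, auth, qname):
    """Compare a cached answer with the authoritative one and list anomalies."""
    out = []
    if a_records(cached) != a_records(auth):
        out.append(("a_set_differs", sorted(a_records(cached) ^ a_records(auth))))
    for owner, _, rtype, rdata in auth.get("AUTHORITY", []):
        # A server answering for qname should name qname's zone, not the root.
        if rtype == "NS" and owner == "." and qname.rstrip("."):
            out.append(("claims_root_zone", rdata))
    return out
```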