PaulDotCom mailing list archives
Anybody See This Before?
From: arch3angel at gmail.com (Arch Angel)
Date: Sun, 1 Feb 2009 15:41:35 -0500
How are you pulling these logs?

On Sun, Feb 1, 2009 at 1:51 AM, Brice Smith <bsmith2301 at gmail.com> wrote:
> Anybody seen this before? Appears that it might be malware connecting out.
> The structure is the same but seeing it on multiple machines. Always
> different IP but the /idle, /open, /send are constant.
>
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0
> hxxp://70.183.191.93/open/1
> hxxp://70.183.191.93/open/1
> hxxp://70.183.191.93/open/1
> hxxp://70.183.191.93/open/1
> hxxp://70.183.191.93/open/1
> hxxp://70.183.191.93/open/1
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/2
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3
> hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/3
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4
> hxxp://70.183.191.93/send/whamyd8r+xi+25kr/4
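
One way to hunt for the request structure described in the quoted post across proxy logs, as an added example that is not part of the thread. The `(client, url)` record layout, the client names, and every sample entry other than the 70.183.191.93 URLs are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Path shapes from the post: /idle/<token>/<n>, /send/<token>/<n>, /open/<n>
BEACON_PATH = re.compile(r"^/(?:(idle|send)/([^/]+)/(\d+)|(open)/(\d+))$")
IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def refang(url):
    """Turn a defanged hxxp:// URL back into a parseable http:// URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)

def find_beacons(records, min_verbs=2):
    """Flag clients whose requests to IP-literal hosts use at least
    min_verbs of the idle/open/send verbs. The server IP is not keyed on,
    because the post says it differs per machine."""
    seen = defaultdict(lambda: {"verbs": set(), "hosts": set(), "tokens": set()})
    for client, url in records:
        parts = urlsplit(refang(url))
        match = BEACON_PATH.match(parts.path)
        if not match or not IP_HOST.match(parts.hostname or ""):
            continue
        entry = seen[client]
        entry["verbs"].add(match.group(1) or match.group(4))
        entry["hosts"].add(parts.hostname)
        if match.group(2):
            entry["tokens"].add(match.group(2))
    return {c: e for c, e in seen.items() if len(e["verbs"]) >= min_verbs}

# Constructed sample: ws-01 uses URLs from the post; the rest are invented.
SAMPLE = [
    ("ws-01", "hxxp://70.183.191.93/idle/whamyd8r+xi+25kr/0"),
    ("ws-01", "hxxp://70.183.191.93/open/1"),
    ("ws-01", "hxxp://70.183.191.93/send/whamyd8r+xi+25kr/1"),
    ("ws-02", "hxxp://192.0.2.10/idle/constructedtoken/0"),
    ("ws-02", "hxxp://192.0.2.10/send/constructedtoken/1"),
    ("ws-03", "http://intranet.example/open/1"),          # named host, skipped
    ("ws-04", "http://198.51.100.7/idle/constructedtoken/0"),  # single verb only
]

if __name__ == "__main__":
    for client, info in sorted(find_beacons(SAMPLE).items()):
        print(client, sorted(info["verbs"]), sorted(info["hosts"]))
```
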