PaulDotCom mailing list archives
Anybody See This Before?
From: adsquaired at gmail.com (Adsquaired)
Date: Sun, 1 Feb 2009 10:18:18 -0500
Do you have the COX security suite or tools installed? Are the other IPs connecting to the COX network? Have you tried running tcpview to see what program is creating the connection?

On Sun, Feb 1, 2009 at 1:51 AM, Brice Smith <bsmith2301 at gmail.com> wrote:
Anybody seen this before? Appears that it might be malware connecting out. The structure is the same but seeing it on multiple machines. Always different IP but the /idle, /open, /send are constant.
-- Arthur DiSegna Network Operations Center Authentium, Inc.
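
An added example, not part of either message: one way to sweep proxy or web logs for the request pattern reported in the thread (bare-IP destinations with /idle, /open and /send paths) and list which internal clients produce it. The "<client> <url>" log layout, the function name `find_suspects` and all sample addresses and tokens are constructed assumptions.

```python
import re
from collections import defaultdict

# Path shape as posted in the thread: /idle/<token>/<n>, /open/<n>, /send/<token>/<n>,
# always on a bare IPv4 host. "hxxp" is accepted so defanged logs also match.
BEACON = re.compile(
    r"^h(?:tt|xx)p://(?P<dst>\d{1,3}(?:\.\d{1,3}){3})"
    r"/(?P<verb>idle|open|send)(?:/(?P<token>[^/\s]+))?/(?P<seq>\d+)$"
)

# Constructed sample: "<client> <url>" pairs using documentation address ranges.
SAMPLE_LOG = """\
10.0.0.21 http://192.0.2.10/idle/aaaa+bb+cccc/0
10.0.0.21 http://192.0.2.10/open/1
10.0.0.21 http://192.0.2.10/send/aaaa+bb+cccc/1
10.0.0.34 http://198.51.100.7/idle/dddd+ee+ffff/0
10.0.0.34 http://198.51.100.7/send/dddd+ee+ffff/1
10.0.0.50 http://www.example.com/send/feedback/1
10.0.0.50 http://203.0.113.5/open/1
"""

def find_suspects(log_text, min_verbs=2):
    """Return {client: {"dsts": set, "verbs": set, "hits": int}} for clients whose
    requests to bare-IP hosts use at least min_verbs of idle/open/send."""
    seen = defaultdict(lambda: {"dsts": set(), "verbs": set(), "hits": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        client, url = parts
        m = BEACON.match(url)
        if not m:
            continue  # hostname-based or differently shaped URL
        rec = seen[client]
        rec["dsts"].add(m["dst"])
        rec["verbs"].add(m["verb"])
        rec["hits"] += 1
    # A lone /open/1 is weak evidence; require several verbs of the pattern.
    return {c: r for c, r in seen.items() if len(r["verbs"]) >= min_verbs}

if __name__ == "__main__":
    for client, rec in sorted(find_suspects(SAMPLE_LOG).items()):
        print(client, sorted(rec["dsts"]), sorted(rec["verbs"]), rec["hits"])
```

Matching on the path shape rather than the destination address fits the observation that the IP changes between machines while the paths stay constant.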