WebSam Posted August 24, 2009 ID:114220

Hi.

Can you remove this IP from the black list please?

67.212.88.42

One of our computers has been accidentally infected with a virus and all PHP files were rewritten with a shura.pl link...

We have cleaned all the files on the server and there is no more infection on this IP.

This server contains a lot of important projects and there is no spam or any malware there.

Thanks
Sam.

MysteryFCM Posted August 25, 2009 ID:114549

Sorry for taking so long.

This IP is on a Netelligent IP range, which is why it is blocked.

WebSam Posted August 25, 2009 Author ID:114570

> Sorry for taking so long.
> This IP is on a Netelligent IP range, which is why it is blocked.

Netelligent is only an optic fiber provider for the hosting company where the server is...

So why block an entire hosting company plus a range of honest businesses just for the connection company?

I really don't understand why...

MysteryFCM Posted August 25, 2009 ID:114588

The problem is, Netelligent are continuing to provide hosting to criminals. After being alerted to such, they have failed to respond, let alone cease providing such, because of this, they have been blocked until such time as they cease provisions to criminals.

thibot Posted September 17, 2009 ID:128585

> The problem is, Netelligent are continuing to provide hosting to criminals. After being alerted to such, they have failed to respond, let alone cease providing such, because of this, they have been blocked until such time as they cease provisions to criminals.

Hello,

Can you please give me a list of domains and IPs that are responsible for this block? Last I checked we removed every offending domain on our network.

Thank you,

MysteryFCM Posted September 17, 2009 ID:128587

The following are the active cases from the last 7 days or so;

I'm currently processing those in the hpHosts database to see which are still active, I'll post the results once they're done.

MysteryFCM Posted September 17, 2009 ID:128590

An example of why this has escalated to this proportion, aside from my never receiving a single response to an abuse report (nor to my knowledge, have any of my colleagues), can be found here (little old now, but should give an idea);
http://hphosts.blogspot.com/2009/05/google...es-and-250.html

I've also got 70 on one of your other ranges (67.212.*), as have Clean-MX (a lot of those on Clean-MX are marked as dead now);
http://support.clean-mx.de/clean-mx/viruse...?sort=firstseen desc&as=AS10929
http://hosts-file.net/pest.asp?show=67.212.

And as have MalwareURL;
http://www.malwareurl.com/search.php?s=AS10929&match=0

And as have Malware Domain List;
http://www.malwaredomainlist.com/mdl.php?s...amp;quantity=50
http://www.malwaredomainlist.com/mdl.php?s...amp;quantity=50

MysteryFCM Posted September 17, 2009 ID:128591

These are the recent cases from my offline database, on your 67.212.* range;

See also;
http://safebrowsing.clients.google.com/saf...p;site=AS:10929

thibot Posted September 17, 2009 ID:128601

Hi MysteryFCM,

Thanks for taking the time to get back to us. What emails were you sending us complaints from? We have responded to every complaint regarding these specific IPs and we have the record in our abuse ticketing system. I will look over the records if you can give me the email.

Moving on, I've looked over most of the IPs you've included. A lot of them are outdated.

All the 209.44.126.xx and 67.212.71.xx were blocked over a month ago.

You can also check http://www.maliciousnetworks.org/chart.php?as=AS10929 for the activity on our networking showing a significant drop. And that's in the beginning of August. They should be updating soon with more recent data which should show us at a much healthier level as proof of the cleansing of these hosts.

These aren't our IPs:

67.212.185.202 web15.justhost.com www.computeradroit.com http://www.computeradroit.com
67.212.162.250 web59.justhost.com www.hotlife.us http://www.hotlife.us/mediastream/components/SecureLiveVideo.exe
67.212.162.250 web59.justhost.com www.hotlife.us http://www.hotlife.us/mediastream/components/SecureLiveVideo.exe
67.212.166.154 web13.justhost.com jumpyjunction.com http://jumpyjunction.com
67.212.166.146 web12.justhost.com performerscity.com http://performerscity.com
67.212.176.82 redhotservers.com support.redhotservers.com http://support.redhotservers.com

We will check on the following.

67.212.80.121 Failed resolution xtraff.cn http://xtraff.cn/scr/in.cgi?5
67.212.80.125 Failed resolution wwwworldweb.com http://wwwworldweb.com/pdf.php?id=1706
67.212.80.125 Failed resolution wwwworldweb.com http://wwwworldweb.com/pdf.php?id=1706&vis=1
67.212.65.41 Failed resolution babyruthie.com http://babyruthie.com/
67.212.65.41 Failed resolution www.babyruthie.com http://www.babyruthie.com/
67.212.65.41 Failed resolution www.babyruthie.com http://www.babyruthie.com/CCBill/index.htm
67.212.81.69 Failed resolution gpt0.ru http://gpt0.ru/b3/b3.exe

MysteryFCM Posted September 17, 2009 ID:128606

All e-mails I sent were sent from services @ it-mate.co.uk

The results I mentioned earlier are now ready, and a few are still showing as resolving to your IP ranges;
http://hosts-file.net/misc/hpObserver_-_209.44.html

thibot Posted September 18, 2009 ID:129076

Hi Mystery,

Great list. Most of them are defunct though. All the 209.44.126.xx have been removed completely. That whole /24 was killed off.

Checking the others.

MysteryFCM Posted September 18, 2009 ID:129098

Thanks for letting me know.

Can you tell me what measures you're taking to prevent this re-appearing on your network?

I've not had a chance to process today's URLs yet, but will post any from your network that show up once they've been processed.

thibot Posted September 21, 2009 ID:130603

Hi!

Well the biggest problem in these things propping up on our network is that we're mainly relying on nothing more than complaints that arrive to our abuse department. So although that is useful in most cases, it's not helpful in detecting outbreaks on a more consistent basis. What we have been doing over the past several weeks is to pro-actively search out our name in forums like this one to see what's the word on "the street", as well as using links such as the ones I provided in one of my earlier posts. Hopefully this will help us remove all offending content in the future.