WebSam

Banned ip.


Hi.

Can you remove this ip from the black list please?

67.212.88.42

One of our computers has been accidentally infected with a virus and all PHP files were rewritten with a shura.pl link...

We have cleaned all the files on the server and there is no more infection on this IP.

This server contains a lot of important projects and there is no spam or any malware there.

Thanks

Sam.


Sorry for taking so long.

This IP is on a Netelligent IP range, which is why it is blocked.


Netelligent is only an optic fiber provider for the hosting company where the server is...

So why block an entire hosting company plus a range of honest businesses just for the connection company?

I really don't understand why...


The problem is, Netelligent are continuing to provide hosting to criminals. After being alerted to such, they have failed to respond, let alone cease providing such. Because of this, they have been blocked until such time as they cease provisions to criminals.


Hello,

Can you please give me a list of domains and IPs that are responsible for this block? Last I checked we removed every offending domain on our network.

Thank you,


The following are the active cases from the last 7 days or so;


I'm currently processing those in the hpHosts database to see which are still active; I'll post the results once they're done.


An example of why this has escalated to this proportion, aside from my never receiving a single response to an abuse report (nor, to my knowledge, have any of my colleagues), can be found here (a little old now, but should give an idea);

http://hphosts.blogspot.com/2009/05/google...es-and-250.html

I've also got 70 on one of your other ranges (67.212.*), as have Clean-MX (a lot of those on Clean-MX are marked as dead now);

http://support.clean-mx.de/clean-mx/viruse...?sort=firstseen desc&as=AS10929

http://hosts-file.net/pest.asp?show=67.212.

And as have MalwareURL;

http://www.malwareurl.com/search.php?s=AS10929&match=0

And as have Malware Domain List;

http://www.malwaredomainlist.com/mdl.php?s...amp;quantity=50

http://www.malwaredomainlist.com/mdl.php?s...amp;quantity=50


These are the recent cases from my offline database, on your 67.212.* range;


/edit

See also;

http://safebrowsing.clients.google.com/saf...p;site=AS:10929


Hi MysteryFCM,

Thanks for taking the time to get back to us. What emails were you sending us complaints from? We have responded to every complaint regarding these specific IPs and we have the record in our abuse ticketing system. I will look over the records if you can give me the email.

Moving on, I've looked over most of the IPs you've included. A lot of them are outdated.

All the 209.44.126.xx and 67.212.71.xx were blocked over a month ago.

You can also check http://www.maliciousnetworks.org/chart.php?as=AS10929 for the activity on our network, showing a significant drop. And that's in the beginning of August. They should be updating soon with more recent data which should show us at a much healthier level as proof of the cleansing of these hosts.

These aren't our IPs


We will check on the following.



Hi Mystery,

Great list. Most of them are defunct though. All the 209.44.126.xx have been removed completely. That whole /24 was killed off.

Checking the others.


Thanks for letting me know.

Can you tell me what measures you're taking to prevent this re-appearing on your network?

I've not had a chance to process today's URLs yet, but will post any from your network that show up once they've been processed.


Hi!

Well, the biggest problem in these things propping up on our network is that we're mainly relying on nothing more than complaints that arrive to our abuse department. So although that is useful in most cases, it's not helpful in detecting outbreaks on a more consistent basis. What we have been doing over the past several weeks is to pro-actively search out our name in forums like this one to see what's the word on "the street", as well as using links such as the ones I provided in one of my earlier posts. Hopefully this will help us remove all offending content in the future.

This topic is now closed to further replies.
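
An added example, not part of the original thread or any poster's tooling: one way a network operator could replace complaint-driven cleanup with a regular check, by triaging a blocklist export against its own prefixes and flagging /24s that accumulate listings. The tab-separated layout (IP, reverse DNS, hostname, URL), the prefixes, the reseller suffix and the sample rows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Prefixes the operator answers for (documentation ranges, constructed).
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
# Reverse-DNS suffixes of downstream resellers (hypothetical).
RESELLER_SUFFIXES = (".reseller.example",)

# Constructed sample export: IP, reverse DNS, hostname, URL (tab-separated).
SAMPLE_FEED = (
    "192.0.2.10\tFailed resolution\tbad-a.example\thttp://bad-a.example/a\n"
    "192.0.2.10\tFailed resolution\tbad-b.example\thttp://bad-b.example/\n"
    "192.0.2.77\tFailed resolution\tbad-c.example\thttp://bad-c.example/x\n"
    "198.51.100.5\tweb15.reseller.example\tshop.example\thttp://shop.example/\n"
    "203.0.113.9\tFailed resolution\telsewhere.example\thttp://elsewhere.example/\n"
    "not-an-ip\tx\ty\tz\n"
)

def parse_feed(text):
    """Yield (ip, rdns, host, url); rows with a bad IP or column count are skipped."""
    for line in text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) != 4:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        yield ip, parts[1], parts[2].lower(), parts[3]

def triage(text):
    """Group listed hostnames on our prefixes by IP: direct customers vs. resellers."""
    report = {"direct": defaultdict(set), "reseller": defaultdict(set)}
    for ip, rdns, host, _url in parse_feed(text):
        if not any(ip in net for net in OWN_PREFIXES):
            continue  # listed, but not on a network we control
        bucket = "reseller" if rdns.lower().endswith(RESELLER_SUFFIXES) else "direct"
        report[bucket][str(ip)].add(host)
    return {k: {ip: sorted(h) for ip, h in v.items()} for k, v in report.items()}

def hot_subnets(report, threshold=2):
    """Count distinct listed IPs per /24; dense subnets are what draws range-level blocks."""
    counts = defaultdict(int)
    for bucket in report.values():
        for ip in bucket:
            counts[str(ipaddress.ip_network(f"{ip}/24", strict=False))] += 1
    return {net: n for net, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    result = triage(SAMPLE_FEED)
    print(result, hot_subnets(result))
```

Run on a schedule against each feed the operator can export, the "direct" bucket becomes the abuse queue and the "reseller" bucket the list of downstream notifications.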
