 Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3
 ·Shaw
| TCP port 65506 proxy scan While most of my captures on 65506 have been simple port open scans I did capture one scan that had some interesting 'meat' in it. In short this is a proxy scan where somebody also attempted to access cgi-bin env checker to see the proxy would connect anonymously or forward identifying headers.
TCP Connection Request
---- 11/03/2004 00:49:42.505
67.172.223.250 : 3804 TCP Connected ID = 1
---- 11/03/2004 00:49:42.505
Status Code: 0 OK
67.172.223.250 : 3804 TCP Data In Length 66 bytes
MD5 = 7CCD065E4BD68E9E172E17B6C9DE1CFA
---- 11/03/2004 00:49:42.516
0000 47 45 54 20 68 74 74 70 3A 2F 2F 77 77 77 2E 68 GET »www.h
0010 65 6C 6C 6C 61 62 73 2E 63 6F 6D 2E 75 61 2F 63 elllabs.com.ua/c
0020 67 69 2D 62 69 6E 2F 74 65 78 74 65 6E 76 2E 70 gi-bin/textenv.p
0030 6C 3F 36 35 35 30 36 20 48 54 54 50 2F 31 2E 30 l?65506 HTTP/1.0
0040 0D 0A ..
67.172.223.250 : 3804 TCP Data In Length 274 bytes
MD5 = B02992E2BC31B79CE090CBB4DDD7A1BA
---- 11/03/2004 00:49:42.786
0000 48 6F 73 74 3A 20 77 77 77 2E 68 65 6C 6C 6C 61 Host: www.hellla
0010 62 73 2E 63 6F 6D 2E 75 61 0D 0A 41 63 63 65 70 bs.com.ua..Accep
0020 74 3A 20 69 6D 61 67 65 2F 67 69 66 2C 20 69 6D t: image/gif, im
0030 61 67 65 2F 78 2D 78 62 69 74 6D 61 70 2C 20 69 age/x-xbitmap, i
0040 6D 61 67 65 2F 6A 70 65 67 2C 20 69 6D 61 67 65 mage/jpeg, image
0050 2F 70 6A 70 65 67 2C 20 61 70 70 6C 69 63 61 74 /pjpeg, applicat
0060 69 6F 6E 2F 76 6E 64 2E 6D 73 2D 65 78 63 65 6C ion/vnd.ms-excel
0070 2C 20 61 70 70 6C 69 63 61 74 69 6F 6E 2F 6D 73 , application/ms
0080 77 6F 72 64 2C 20 2A 2F 2A 0D 0A 41 63 63 65 70 word, */*..Accep
0090 74 2D 4C 61 6E 67 75 61 67 65 3A 20 65 6E 0D 0A t-Language: en..
00A0 55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69 User-Agent: Mozi
00B0 6C 6C 61 2F 34 2E 30 20 28 63 6F 6D 70 61 74 69 lla/4.0 (compati
00C0 62 6C 65 3B 20 4D 53 49 45 20 35 2E 35 3B 20 57 ble; MSIE 5.5; W
00D0 69 6E 64 6F 77 73 20 4E 54 20 34 2E 30 29 0D 0A indows NT 4.0)..
00E0 50 72 61 67 6D 61 3A 20 6E 6F 2D 63 61 63 68 65 Pragma: no-cache
00F0 0D 0A 50 72 6F 78 79 2D 43 6F 6E 6E 65 63 74 69 ..Proxy-Connecti
0100 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A on: Keep-Alive..
0110 0D 0A ..
67.172.223.250 : 3804 TCP Disconnected ID = 1
---- 11/03/2004 00:49:52.570
Status Code: 45056 [45056] (no description available)
TCP Connection Request
---- 11/03/2004 00:49:52.690
67.172.223.250 : 2515 TCP Connected ID = 1
---- 11/03/2004 00:49:52.690
Status Code: 0 OK
67.172.223.250 : 2515 TCP Data In Length 9 bytes
MD5 = E8302B4B22768A00926F8D936C92D41A
---- 11/03/2004 00:49:52.690
0000 04 01 00 50 D9 10 10 6D 00 ...P...m.
67.172.223.250 : 2515 TCP Disconnected ID = 1
---- 11/03/2004 00:50:02.865
Status Code: 45056 [45056] (no description available)
TCP Connection Request
---- 11/03/2004 00:50:03.015
67.172.223.250 : 1982 TCP Connected ID = 1
---- 11/03/2004 00:50:03.015
Status Code: 0 OK
67.172.223.250 : 1982 TCP Data In Length 3 bytes
MD5 = 19B893B938ACE1DEFE7D090E510F0618
---- 11/03/2004 00:50:03.025
0000 05 01 00 ...
67.172.223.250 : 1982 TCP Disconnected ID = 1
---- 11/03/2004 00:50:13.160
Status Code: 45056 [45056] (no description available)
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 Reviews:
·Shaw
| Now I'm receiving tons of these, I wonder why 
209.51.212.114 : 4856 TCP Data In Length 38 bytes
MD5 = F4C16A6609BED1750C4BA8E8CBF2AF18
---- 11/03/2004 03:16:24.322
0000 43 4F 4E 4E 45 43 54 20 36 34 2E 32 32 34 2E 32 CONNECT 64.224.2
0010 31 39 2E 31 32 32 3A 32 35 20 48 54 54 50 2F 31 19.122:25 HTTP/1
0020 2E 30 0D 0A 0D 0A .0....
209.126.185.116 : 1365 TCP Data In Length 36 bytes
MD5 = BEBB9209F7F86734C9D0C695671D47FF
---- 11/03/2004 03:16:09.691
0000 43 4F 4E 4E 45 43 54 20 31 39 38 2E 38 30 2E 31 CONNECT 198.80.1
0010 33 31 2E 34 3A 32 35 20 48 54 54 50 2F 31 2E 30 31.4:25 HTTP/1.0
0020 0D 0A 0D 0A ....
209.51.212.130 : 2003 TCP Data In Length 38 bytes
MD5 = EE657F6B2B5CAAF56999215478268AC8
---- 11/03/2004 03:16:54.515
0000 43 4F 4E 4E 45 43 54 20 31 39 35 2E 32 34 35 2E CONNECT 195.245.
0010 32 33 30 2E 38 33 3A 32 35 20 48 54 54 50 2F 31 230.83:25 HTTP/1
0020 2E 30 0D 0A 0D 0A .0....
etc, etc, etc, etc, etc, etc from a number of different IP Addresses (209.126.185.116, 209.126.185.150, 65.49.48.218, 209.51.212.130, 209.51.212.114, 66.36.240.76).
OK so a pile of people owe me big tonight for 'defecting' this junk.
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH
1 edit | I only have two so far (along with a bunch of connects that passed no data), and they both read (I modified the URL): quote:
GET ht tp://www.helllabs.com.ua/cgi-bin/textenv.pl?65506 HTTP/1.0
Host: www.helllabs.com.ua
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms
excel, application/msword, */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
Pragma: no-cache
Proxy-Connection: Keep-Alive
And in both cases, the next 2 connects contained the following data (these are hex dumps): quote:
0104 5000 10d9 6d10 0000
and quote:
0105 0000
|
|
 jansm38Vn800-BPremium
join:2003-05-19
Blackwood, NJ | reply to Link Logger
I've seen a sudden rise in port 65506 scans as well.
Any thoughts as to what it's all about? I've never been probed on that port before until 2 days ago. |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH | I'm thinking it has to do with the Phatbot/Agobot backdoor worm/trojan that's been pushed to Mydoom-infected boxes over the past few days. From what I've read it installs a proxy on port 65506. |
|
 pcdebbRIP dadkinsPremium
join:2000-12-03
Brandon, FL
kudos:4 | reply to Link Logger
my logs tell me i started getting hits on yesterday (3/10) about maybe 7am or so, 10 for today so far |
|
 catseyenuAck PfftPremium
join:2001-11-17
Fix East | reply to kpatz
said by kpatz:
I'm thinking it has to do with the Phatbot/Agobot backdoor worm/trojan that's been pushed to Mydoom-infected boxes over the past few days. From what I've read it installs a proxy on port 65506.
I think you nailed it. |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH
1 edit | My 65506 'pot has been targeted 40 times since I put it up yesterday morning - so far only two have pushed data (which I posted earlier), the rest have been connection made, but no data passed.
I haven't seen the "CONNECT [ipaddress]" strings that Link Logger has seen yet. Looks like some sort of spam proxying attempt to me. Was any additional data pushed afterward, such as the contents of the spam? Or did it just drop the connection when it failed to receive the desired response? |
|
| said by kpatz:
My 65506 'pot has been targeted 40 times since I put it up yesterday morning - so far only two have pushed data (which I posted earlier), the rest have been connection made, but no data passed.
Some of those may be your ISP scanning for it like Cox has: »Security scan 28745 - 28747 |
|
|
|
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 Reviews:
·Shaw
1 edit | reply to kpatz
They are definitely trying to use my pot as a spam proxy, but of course it fails and the only thing I see are the connect attempts. That is why I said a bunch of people owe me for screwing up this attempt otherwise they would be getting spam.
Edit -> just checked it and its still being used by at least 35 IP Addresses and over a 1000 hits.
Blake |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH
1 edit | reply to inTulsa
said by inTulsa:
Some of those may be your ISP scanning for it like Cox has: »Security scan 28745 - 28747
I just checked the logs - though I've seen some scans from Comcast IPs they appear to be customer DHCP IP addresses and not security scans originated by Comcast. If they do start scanning I guess I'd have to take my honeypot down so they don't accuse me of being a spam zombie. 
Whoa... I'm getting the spam proxy attempts on my pot now. Update at 11... I may take the pot down shortly to protect my internet connection... |
|
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 Reviews:
·Shaw
1 edit | reply to Link Logger
65506 Traffic |
Edit -> Current hit rate is about 1.5 hits per second so the chart is climbing fast.
Blake |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH
3 edits | reply to kpatz
Update: I logged the following spam proxy attempts before I shut down the pot on 65506 and closed the port on the firewall. These came in over a approx. 30 minute period. The first column is the source IP/port, the rest was the data passed by that IP/port. quote:
209.126.185.85:4287 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:3722 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:1036 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:2960 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:1329 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:4687 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:2062 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:4925 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:2537 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:3694 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:1589 CONNECT maila.microsoft.com 25 HTTP/1.0
209.126.185.85:2828 CONNECT maila.microsoft.com 25 HTTP/1.0
66.36.240.76:2859 CONNECT 212.12.0.3 25 HTTP/1.0
66.36.240.76:4351 CONNECT 205.167.84.40 25 HTTP/1.0
66.36.240.76:1371 CONNECT 212.17.0.22 25 HTTP/1.0
66.36.240.76:1577 CONNECT 69.93.117.246 25 HTTP/1.0
66.36.240.76:1712 CONNECT 81.221.250.53 25 HTTP/1.0
66.36.240.76:2266 CONNECT 213.149.32.10 25 HTTP/1.0
209.126.185.150:1822 CONNECT 165.21.74.114 25 HTTP/1.0
209.126.185.150:4108 CONNECT 12.33.95.4 25 HTTP/1.0
209.126.185.150:4219 CONNECT 165.76.15.136 25 HTTP/1.0
209.51.212.114:2160 CONNECT 152.160.7.138 25 HTTP/1.0
66.36.240.76:2051 CONNECT 205.188.158.57 25 HTTP/1.0
209.51.212.114:3601 CONNECT 216.69.192.37 25 HTTP/1.0
209.51.212.114:1898 CONNECT 12.16.224.9 25 HTTP/1.0
209.51.212.130:3472 CONNECT 198.165.246.16 25 HTTP/1.0
66.36.240.76:4218 CONNECT 196.15.163.22 25 HTTP/1.0
66.36.240.76:4636 CONNECT 207.150.192.13 25 HTTP/1.0
209.126.185.150:1228 CONNECT 12.158.34.245 25 HTTP/1.0
209.51.212.130:3914 CONNECT 207.175.220.60 25 HTTP/1.0
209.51.212.130:4488 CONNECT 207.154.64.17 25 HTTP/1.0
66.36.240.76:2589 CONNECT 207.1.160.162 25 HTTP/1.0
209.51.212.114:3918 CONNECT 141.154.93.109 25 HTTP/1.0
66.36.240.76:1084 CONNECT 4.42.225.83 25 HTTP/1.0
209.51.212.130:1958 CONNECT 80.161.239.146 25 HTTP/1.0
209.51.212.130:4045 CONNECT 65.38.161.99 25 HTTP/1.0
209.126.185.150:2907 CONNECT 192.246.76.129 25 HTTP/1.0
209.126.185.150:3045 CONNECT 12.158.34.245 25 HTTP/1.0
66.36.240.76:1451 CONNECT 62.142.5.28 25 HTTP/1.0
66.36.240.76:3440 CONNECT 63.240.161.100 25 HTTP/1.0
209.126.185.150:3985 CONNECT 209.202.220.212 25 HTTP/1.0
209.51.212.114:4508 CONNECT 66.209.74.41 25 HTTP/1.0
209.51.212.130:3498 CONNECT 192.138.195.38 25 HTTP/1.0
209.51.212.130:1611 CONNECT 209.114.200.45 25 HTTP/1.0
209.51.212.114:2327 CONNECT 64.124.170.131 25 HTTP/1.0
209.51.212.114:2453 CONNECT 199.171.54.203 25 HTTP/1.0
209.51.212.114:2684 CONNECT 66.250.110.252 25 HTTP/1.0
209.51.212.114:3400 CONNECT 65.116.133.2 25 HTTP/1.0
209.51.212.130:3105 CONNECT 63.112.169.25 25 HTTP/1.0
66.36.240.76:2806 CONNECT 24.4.56.51 25 HTTP/1.0
209.51.212.130:2322 CONNECT 194.182.148.158 25 HTTP/1.0
209.51.212.130:1426 CONNECT 216.70.31.96 25 HTTP/1.0
209.51.212.114:2275 CONNECT 212.107.32.204 25 HTTP/1.0
209.126.185.150:1192 CONNECT 168.171.3.252 25 HTTP/1.0
209.126.185.150:4079 CONNECT 216.200.145.35 25 HTTP/1.0
209.51.212.130:2719 CONNECT 64.224.219.122 25 HTTP/1.0
209.51.212.130:4801 CONNECT 202.147.57.6 25 HTTP/1.0
66.36.240.76:3514 CONNECT 165.76.15.136 25 HTTP/1.0
66.36.240.76:3579 CONNECT 207.212.37.163 25 HTTP/1.0
66.36.240.76:3826 CONNECT 63.82.150.4 25 HTTP/1.0
209.51.212.130:1936 CONNECT 63.240.165.100 25 HTTP/1.0
209.51.212.130:1123 CONNECT 193.189.160.18 25 HTTP/1.0
209.126.185.150:4769 CONNECT 207.188.222.21 25 HTTP/1.0
209.126.185.150:2112 CONNECT 216.173.237.171 25 HTTP/1.0
209.126.185.150:2868 CONNECT 63.68.159.251 25 HTTP/1.0
209.51.212.114:1300 CONNECT 63.240.161.100 25 HTTP/1.0
209.126.185.150:1265 CONNECT 209.202.222.10 25 HTTP/1.0
209.51.212.114:1947 CONNECT 66.111.12.66 25 HTTP/1.0
209.126.185.150:2194 CONNECT 12.147.64.228 25 HTTP/1.0
209.126.185.150:2657 CONNECT 219.94.53.243 25 HTTP/1.0
209.51.212.114:4682 CONNECT 12.106.7.82 25 HTTP/1.0
209.51.212.114:1945 CONNECT 12.158.34.245 25 HTTP/1.0
209.126.185.150:1882 CONNECT 199.171.54.202 25 HTTP/1.0
209.51.212.130:2455 CONNECT 207.20.18.130 25 HTTP/1.0
209.126.185.150:2302 CONNECT 216.185.69.72 25 HTTP/1.0
209.51.212.130:1132 CONNECT 216.221.54.42 25 HTTP/1.0
209.51.212.130:1162 CONNECT 12.158.38.251 25 HTTP/1.0
209.51.212.130:4543 CONNECT 199.224.64.60 25 HTTP/1.0
They're still hitting the port... hopefully they'll stop soon now that it's closed. |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH | I've had nearly 1000 hits on 65506 in the past 34 minutes, and the port is closed. This is getting ridiculous. |
|
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 | reply to kpatz
Yep I'm seeing these too, b@stards, which is interesting as it appears to be the same group that hit both of our pots.
Blake |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH
2 edits | Once my Linux box compiles the firewall logs (it does this once per hour), I can compile statistics per IP. Maybe fire off a few emails to ISP abuse addresses...
1415 hits now. Good thing they're just SYN packets, nothing to choke my 'net connection. Still, they're freakin' idiots, connection refused means just that, hitting the port repeatedly isn't going to make it magically open up again... |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH | Here's the hardest hitting IPs:
SourceIP,Host Name,Count
69.44.157.236,mn1.mixman.at,182
69.44.155.167,ev1.blad.nl,180
69.44.154.211,dns.exotic.de,164
69.44.152.226,df1.kilma.se,163
209.51.212.114,,162
209.51.212.130,,160
69.44.157.23,ws1.laxku.ch,159
69.44.156.234,om.monasterio.cr,159
209.126.185.150,,158
209.126.185.145,,149
69.44.157.21,ns1.jindira.ch,144
216.65.116.155,,131
216.65.117.98,,129
216.65.117.94,,121
209.126.185.85,,117
216.65.117.7,,114
69.44.157.26,dt2.primorski.se,106
66.36.240.76,sls-ce12p13.dca2.superb.net,104
203.98.177.84,,69 |
|
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 Reviews:
·Shaw
| reply to Link Logger
Attached is an HTML report showing who my bad boys are.
Blake
IP Address Hostname Port Events Last Event
209.51.212.114 XLHOST 65506 349 11/03/2004 5:19:01 PM
209.126.185.150 DEDICATED15 65506 341 11/03/2004 5:19:11 PM
209.51.212.130 XLDED45454 65506 315 11/03/2004 5:18:15 PM
69.44.157.236 mn1.mixman.at 65506 297 11/03/2004 5:19:14 PM
66.36.240.76 sls-ce12p13.dca2.superb.net 65506 292 11/03/2004 5:17:36 PM
216.65.117.94 - Not Found - 65506 264 11/03/2004 5:18:42 PM
69.44.155.167 ev1.blad.nl 65506 258 11/03/2004 5:15:50 PM
69.44.152.226 df1.kilma.se 65506 251 11/03/2004 5:14:02 PM
216.65.116.155 - Not Found - 65506 250 11/03/2004 5:19:15 PM
69.44.154.211 dns.exotic.de 65506 235 11/03/2004 5:14:54 PM
69.44.156.234 om.monasterio.cr 65506 235 11/03/2004 5:07:25 PM
216.65.117.98 - Not Found - 65506 224 11/03/2004 5:18:35 PM
69.44.157.23 ws1.laxku.ch 65506 224 11/03/2004 5:18:15 PM
69.44.157.21 ns1.jindira.ch 65506 224 11/03/2004 5:17:06 PM
209.126.185.85 DEDICATED8 65506 215 11/03/2004 5:19:08 PM
216.65.117.7 - Not Found - 65506 207 11/03/2004 5:19:14 PM
69.44.157.26 dt2.primorski.se 65506 180 11/03/2004 5:18:22 PM
209.126.185.145 DEDICATED14 65506 140 11/03/2004 5:19:18 PM
209.126.185.116 DEDICATED1 65506 77 11/03/2004 4:56:57 AM
203.98.177.84 IS~D46 65506 50 11/03/2004 2:32:36 PM
38.112.121.130 - Not Found - 65506 31 11/03/2004 4:03:18 PM
67.172.223.250 c-67-172-223-250.client.comcast.net 65506 12 11/03/2004 2:45:27 AM
65.49.48.218 CPE000625768b74-CM013439900620.cpe.net.cable.rogers.com 65506 8 11/03/2004 3:01:38 PM
24.1.15.200 c-24-1-15-200.client.comcast.net 65506 7 11/03/2004 4:35:22 PM
210.245.151.71 - Not Found - 65506 5 11/03/2004 11:38:39 AM
38.112.121.153 - Not Found - 65506 4 11/03/2004 12:55:37 PM
64.222.46.181 dpvc-64-222-46-181.prov.east.verizon.net 65506 3 11/03/2004 11:40:07 AM
211.123.235.39 p0293-ip01kyoto.kyoto.ocn.ne.jp 65506 1 11/03/2004 3:51:00 PM
61.185.11.208 HBNETBAR-KLU866 65506 1 11/03/2004 2:48:58 PM
65.94.109.108 - Not Found - 65506 1 11/03/2004 2:42:39 PM
24.132.15.43 node10f2b.a2000.nl 65506 1 11/03/2004 2:33:12 PM
211.195.60.127 - Not Found - 65506 1 11/03/2004 2:11:40 PM
64.160.23.42 adsl-64-160-23-42.dsl.lsan03.pacbell.net 65506 1 11/03/2004 2:11:01 PM
221.151.96.144 - Not Found - 65506 1 11/03/2004 2:10:53 PM
63.109.117.237 - Not Found - 65506 1 11/03/2004 2:09:22 PM
210.107.69.102 - Not Found - 65506 1 11/03/2004 2:01:38 PM
212.106.160.242 mil242.milnet.silesianet.pl 65506 1 11/03/2004 1:58:21 PM
203.218.238.41 pcd448041.netvigator.com 65506 1 11/03/2004 1:30:30 AM
61.177.60.194 - Not Found - 65506 1 11/03/2004 12:36:15 AM
210.183.16.177 - Not Found - 65506 1 11/03/2004 12:02:07 AM
211.104.126.114 - Not Found - 65506 1 10/03/2004 11:45:26 PM
211.180.246.208 FOURTEEN 65506 1 10/03/2004 11:35:05 PM
61.109.232.106 - Not Found - 65506 1 10/03/2004 11:21:06 PM
211.168.250.214 - Not Found - 65506 1 10/03/2004 10:08:48 PM
61.109.232.73 CLASS3-8 65506 1 10/03/2004 9:06:49 PM
210.107.78.214 - Not Found - 65506 1 10/03/2004 6:39:46 PM
202.155.149.166 - Not Found - 65506 1 10/03/2004 2:51:39 PM
202.101.161.218 - Not Found - 65506 1 10/03/2004 8:39:59 AM
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 Reviews:
·Shaw
| reply to Link Logger
Every system in your list is in my list as well.
69.44.157.236 mn1.mixman.at
69.44.155.167 ev1.blad.nl
69.44.154.211 dns.exotic.de
69.44.152.226 df1.kilma.se
209.51.212.114 XLHOST
209.51.212.130 XLDED45454
69.44.157.23 ws1.laxku.ch
69.44.156.234 om.monasterio.cr
209.126.185.150 DEDICATED15
209.126.185.145 DEDICATED14
69.44.157.21 ns1.jindira.ch
216.65.116.155 - Not Found -
216.65.117.98 - Not Found -
216.65.117.94 - Not Found -
209.126.185.85 DEDICATED8
216.65.117.7 - Not Found -
69.44.157.26 dt2.primorski.se
66.36.240.76 sls-ce12p13.dca2.superb.net
203.98.177.84 IS~D46
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
kpatzMY HEAD A SPLODEPremium
join:2003-06-13
Manchester, NH | 2033 hits in the past 38 minutes. Sheesh. Will this go on forever? Hopefully Comcast won't notice the large number of scans on my IP and "assume" I'm relaying spam. |
|
