[Dshield] FW: TAA SERVER ALERT: Blocked abuse from 76.64.244.160
Dave Hull
dphull at trustedsignal.com
Sun Dec 16 15:46:39 GMT 2007
On 12/15/07, Team Amber Beistle <beistle_jr at hotmail.com> wrote:
> To whom it may concern:
>
> What can be done to end the phish schema and bot scripts from chat.ru? It seems clear the
> owner is involved in some fashion. They are certainly only helping when forced to.
Is the IP address in the subject related to chat.ru?
[dphull at insipid ~]$ dig -x 76.64.244.160
; <<>> DiG 9.2.4 <<>> -x 76.64.244.160
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40004
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;160.244.64.76.in-addr.arpa. IN PTR
;; ANSWER SECTION:
160.244.64.76.in-addr.arpa. 4628 IN PTR bas14-montreal02-1279325344.dsl.bell.ca.
;; AUTHORITY SECTION:
64.76.in-addr.arpa. 66153 IN NS toroon63nszp05.srvr.bell.ca.
;; ADDITIONAL SECTION:
toroon63nszp05.srvr.bell.ca. 3306 IN A 207.164.234.36
;; Query time: 1 msec
;; SERVER: 208.78.97.155#53(208.78.97.155)
;; WHEN: Sun Dec 16 10:40:58 2007
;; MSG SIZE rcvd: 147
[dphull at insipid ~]$ dig chat.ru
; <<>> DiG 9.2.4 <<>> chat.ru
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;chat.ru. IN A
;; ANSWER SECTION:
chat.ru. 86400 IN A 195.161.119.67
;; AUTHORITY SECTION:
chat.ru. 60581 IN NS ns2.internal.ru.
chat.ru. 60581 IN NS ns3.internal.ru.
chat.ru. 60581 IN NS ns1.internal.ru.
;; Query time: 371 msec
;; SERVER: 208.78.97.155#53(208.78.97.155)
;; WHEN: Sun Dec 16 10:42:50 2007
;; MSG SIZE rcvd: 104
--
Dave Hull
CISSP, GCIH, GREM, SSP-MPA, CHFI
Trusted Signal, LLC
http://trustedsignal.com
Tel. 785.424.0832
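
The comparison the two dig queries above invite, as an added example that is not part of the original message: it parses the answer and authority records quoted from the dig output and looks for any DNS link between the reported IP and chat.ru. The function names (`parse_records`, `under`, `relate`) are hypothetical, and the only evidence considered is PTR, A and NS data.

```python
import ipaddress

# Answer/authority lines copied from the two dig outputs in the message above.
DIG_TEXT = """\
160.244.64.76.in-addr.arpa. 4628 IN PTR bas14-montreal02-1279325344.dsl.bell.ca.
64.76.in-addr.arpa. 66153 IN NS toroon63nszp05.srvr.bell.ca.
chat.ru. 86400 IN A 195.161.119.67
chat.ru. 60581 IN NS ns2.internal.ru.
chat.ru. 60581 IN NS ns3.internal.ru.
chat.ru. 60581 IN NS ns1.internal.ru.
"""

def parse_records(text):
    """Return (owner, type, rdata) tuples from dig-style resource record lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip comments and question lines
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[3], fields[4]
        records.append((owner.lower().rstrip("."), rtype, rdata.lower().rstrip(".")))
    return records

def under(name, domain):
    """True if name equals domain or is a label-aligned subdomain of it."""
    return name == domain or name.endswith("." + domain)

def relate(ip, domain, records):
    """Collect DNS evidence linking ip to domain; an empty list means none found."""
    domain = domain.lower().rstrip(".")
    rev = ipaddress.ip_address(ip).reverse_pointer  # e.g. 160.244.64.76.in-addr.arpa
    evidence = []
    for owner, rtype, rdata in records:
        if rtype == "PTR" and owner == rev and under(rdata, domain):
            evidence.append(f"PTR {rdata} is under {domain}")
        if rtype == "A" and under(owner, domain) and rdata == ip:
            evidence.append(f"{owner} resolves to {ip}")
    # Nameservers for the reverse zone versus nameservers for the domain.
    ns_rev = {r for o, t, r in records if t == "NS" and under(rev, o)}
    ns_dom = {r for o, t, r in records if t == "NS" and o == domain}
    if ns_rev & ns_dom:
        evidence.append(f"shared nameservers: {sorted(ns_rev & ns_dom)}")
    return evidence
```

An empty result means only that these records show no link; PTR data is set by whoever controls the reverse zone, so it identifies the address holder's network rather than the party behind the traffic.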