Anyone know what this is? Please

Discussion in 'malware problems & news' started by kate, Jan 3, 2003.

Thread Status:
Not open for further replies.
  1. kate

    kate Guest

    o_O 217.32.247.131 CONTENT DISTRIBUTION NETWORK
    as it seems to have a constant connection to my comp on port 1193? Is it spyware or something? Please help.
    thanks
     
  2. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hi Kate

    There is a server that identifies itself as Footprint V.2.05, located in GB. You can take a look yourself:
    http://www.dnsstuff.com/

    ;)
    *Ari*
     
  3. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Steve Gibson's ID Serve got this information:

    Initiating server query ...
    Looking up the domain name for IP: 217.32.247.131
    (The domain name for the specified IP address could not be found.)
    Connecting to the server on standard HTTP port: 80
    [Connected] Requesting the server's default page.
    The server returned the following response headers:
    HTTP/1.1 404 Not Found
    Date: Fri, 03 Jan 2003 18:41:40 GMT
    Content-Length: 163
    Content-Type: text/html
    Server: Footprint V2.05
    Connection: close
    Query complete.

    So, this might not be your own ISP, I guess... Do you consider any good firewall, like ZoneAlarm?

    regards *Ari*
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Looks like British Telecom, but I can't find any known applications using that port o_O

    Could you download HijackThis and post the log it creates?
    Or, if you're not comfortable with posting it, mail or IM it to me.

    Regards,

    Pieter
     
  5. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Yeah...
    Google gave me no clues either... a trojan?
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Not according to the site I use for that: http://www.simovits.com/nyheter9902.html

    Regards,

    Pieter
     
  7. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Oh yeah Pieter, seems familiar to me ;)
    But how about a new unlisted trojan?
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Could be, Krusty. Or spyware?
    I guess we'll have to wait for the log.

    Regards,

    Pieter
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    The WHOIS (in Port Explorer) gave me this:
    % This is the RIPE Whois server.
    % The objects are in RPSL format.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/ripencc/pub-services/db/copyright.html

    inetnum: 217.32.246.0 - 217.32.247.255
    netname: BT-CORE
    descr: CONTENT DISTRIBUTION NETWORK
    country: GB
    admin-c: BS1474-RIPE
    tech-c: BS1474-RIPE
    status: ASSIGNED PA
    remarks: Please send abuse notification to abuse@bt.net
    mnt-by: BTNET-MNT
    mnt-lower: BTNET-MNT
    mnt-routes: BTNET-MNT
    changed: preston.dialip@bt.com 20000419
    changed: preston.dialip@bt.com 20010628
    changed: preston.dialip@bt.com 20020724
    source: RIPE

    route: 217.32.0.0/12
    descr: BT Public Internet Service
    origin: AS2856
    mnt-by: BTNET-MNT
    changed: support@bt.net 20021204
    source: RIPE

    role: BTnet Support
    address: 154 St Albans Rd
    address: Sandridge
    address: St Albans
    address: Hertfordshire
    address: AL4 9NH
    address: GB
    phone: +44 1189 512313
    e-mail: support@bt.net
    trouble: support@bt.net
    admin-c: FLS15-RIPE
    tech-c: BS1474-RIPE
    nic-hdl: BS1474-RIPE
    remarks: For all queries contact support@bt.net
    mnt-by: BTNET-MNT
    changed: preston.dialip@bt.com 20010613
    changed: support@bt.net 20011112
    changed: preston.dialip@bt.com 20020430
    source: RIPE


    The port 1193 did not give a thing yet.
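
The WHOIS reply quoted in the post above can be read mechanically to answer "who owns this address and where do abuse reports go". This is an added example, not part of the original thread: the function names `parse_rpsl` and `summarize` are hypothetical, and the sample text is the quoted RIPE reply trimmed to the attributes used.

```python
import ipaddress

# Excerpt of the RIPE reply quoted in the post above, trimmed to the fields used.
WHOIS_REPLY = """\
% This is the RIPE Whois server.

inetnum: 217.32.246.0 - 217.32.247.255
netname: BT-CORE
descr: CONTENT DISTRIBUTION NETWORK
country: GB
remarks: Please send abuse notification to abuse@bt.net
source: RIPE

route: 217.32.0.0/12
descr: BT Public Internet Service
origin: AS2856
source: RIPE
"""


def parse_rpsl(text):
    """Split a whois reply into objects (dict of attribute -> list of values).
    Blank lines end an object, '%' lines are server comments, attributes may repeat."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last object
        line = line.strip()
        if line.startswith("%"):
            continue
        if not line:
            if current:
                objects.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip())
    return objects


def summarize(ip, text):
    """Return an owner summary from the inetnum object covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    for obj in parse_rpsl(text):
        if "inetnum" not in obj:
            continue
        first, last = (ipaddress.ip_address(p.strip()) for p in obj["inetnum"][0].split("-"))
        if first <= addr <= last:
            abuse = [r for r in obj.get("remarks", []) if "abuse" in r.lower()]
            return {"netname": obj["netname"][0], "descr": obj["descr"][0],
                    "country": obj["country"][0], "abuse": abuse}
    return None
```

Calling `summarize("217.32.247.131", WHOIS_REPLY)` confirms the address sits inside the BT-CORE range and returns the abuse remark; an address outside the `inetnum` range returns `None`.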
     
  10. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Hi Jooske,

    I'll give a phone call now and ask whose IP it might be... +44 1189 512313 :D

    Have a nice weekend !

    *Ari*
     
  11. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    More info on Google about the phone number:
    http://www.spambrigade.com/memberreports/Morpheus/morph184.txt

    *Ari* :D
     