Time Closed (UTC) ISP Incident ID Comment
18 Mar 2004 18:19:55 surfsouth.com 81292527 Responsible party indicated that the customer was warned.
18 Mar 2004 17:52:21 surfsouth.com 81289792 Responsible party indicated that the customer was warned.
18 Mar 2004 17:45:11 surfsouth.com 81295109 Responsible party indicated that the customer was warned.
18 Mar 2004 17:38:24 dca.net 81258358 Date: Thu, 18 Mar 2004 12:38:18 -0500 Subject: [support.dca.net #52195] (abuse) myNetWatchman Incident [81258358] From: David Roehsler via RT From Address: abuse@support.dca.net Hello, Our customer has been contacted. Please let me know if you see anymore traffic of this type from DCANet's network. David Roehsler DCANet Technical Support Manager On Thu, 18 Mar 2004, myNetWatchman via RT wrote: > myNetWatchman Incident [81258358] Src:( 207.245.79.18) Targets:3 > > > FYI, > > Based on multiple reports from myNetWatchman users, we believe that the > following host is compromised or infected: > > Source IP: 207.245.79.18 > Source DNS: > Time Zone: UTC > > Event Date Time, Destination I
18 Mar 2004 17:35:39 earthlink.net 81295090 Responsible party indicated that the customer was warned.
18 Mar 2004 17:26:21 athenet.net 80919144 No one was using the specified IP address at the time indicated.
18 Mar 2004 17:01:26 athenet.net 80476646 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
18 Mar 2004 16:42:31 xs4all.nl 71476592 Responsible party indicated that incident was a false positive.
18 Mar 2004 16:06:26 surfnet.nl 81197151 Responsible party indicated that the customer was warned.
18 Mar 2004 16:06:07 surfnet.nl 81296636 Responsible party indicated that the customer was warned.
18 Mar 2004 16:05:53 surfnet.nl 79853223 Responsible party indicated that the customer was warned.
18 Mar 2004 16:05:28 surfnet.nl 80990054 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
18 Mar 2004 16:04:35 surfnet.nl 80223368 Responsible party indicated that the customer was warned.
18 Mar 2004 16:03:25 surfnet.nl 80794482 Responsible party indicated that the customer was warned.
18 Mar 2004 16:02:34 surfnet.nl 80635752 Responsible party indicated that the customer was warned.
18 Mar 2004 15:58:17 surfnet.nl 78210589 Responsible party indicated that the customer was warned.
18 Mar 2004 15:57:32 surfnet.nl 78649686 Responsible party indicated that the customer was warned.
18 Mar 2004 15:55:49 surfnet.nl 78351341 Customer looked into this problem on Friday.
18 Mar 2004 15:53:00 surfnet.nl 77607021 Responsible party indicated that the customer was warned.
18 Mar 2004 15:36:33 infonet.com 78211898 We are looking into this matter at this moment. Feel free to contact me for more info. Mark Patka Infonet Netherlands Teamlead. mpa@infonet.nl
18 Mar 2004 15:33:50 imbris.com 72970133 Customer identified and contact initiated. Host taken offline until resolved.
18 Mar 2004 14:46:14 sisna.com 81138738 Responsible party indicated that the customer was warned.
18 Mar 2004 14:38:22 ku.edu 81086915 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
18 Mar 2004 13:40:24 voyager.net 81259298 Issue Resolved
18 Mar 2004 13:30:20 datagrama.net 79543352 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
18 Mar 2004 12:51:38 powertech.no 80196558 Responsible party indicated that the customer was warned.
18 Mar 2004 12:05:25 freebit.net 81344105 Responsible party indicated that the customer was warned.
18 Mar 2004 11:59:43 powertech.no 81151187 Responsible party indicated that the customer was warned.
18 Mar 2004 11:54:55 freebit.net 81133620 Responsible party indicated that the customer was warned.
18 Mar 2004 11:54:47 freebit.net 81087248 Responsible party indicated that the customer was warned.
18 Mar 2004 11:54:36 freebit.net 80066175 Responsible party indicated that the customer was warned.
18 Mar 2004 11:44:17 telkom.co.za 78119913 Date: Thu, 18 Mar 2004 11:03:42 +0200 Subject: Virus! From: SAIX Abuse From Address: abuse@saix.net Good day Viruses occurred and the origination from this type of abuse was traced from IP: 196.15.205.115. This IP address belongs to EC Network Services Please investigate and take the necessary action as this is against the SAIX User Policy. It would also be appreciated if a reply could be sent to all recipients of this mail explaining the actions that will be taken to prevent a recurrence. Regards Willy Abuse@saix.net myNetWatchman Incident [78119913] Src:( 196.15.205.115) Targets:2 FYI, Based on multiple reports from myNetWatchman users, we believe that the following host i
18 Mar 2004 11:23:52 powertech.no 81046929 Responsible party indicated that the customer was warned.
18 Mar 2004 11:08:11 uninett.no 80115182 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
18 Mar 2004 11:02:51 powertech.no 80997901 Responsible party indicated that the customer was warned.
18 Mar 2004 10:36:50 noc.dfn.de 78402163 Host has been blocked at Firewall from all internet activities and taken offline, until staff members verify/report proper action has been taken.
18 Mar 2004 10:00:12 telia.net 81057091 Responsible party indicated that the customer's service was terminated.
18 Mar 2004 10:00:11 garr.it 74192864 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
18 Mar 2004 09:45:49 telia.net 79764804 Responsible party indicated that the customer's service was terminated.
18 Mar 2004 09:39:51 powertech.no 80965176 Responsible party indicated that the customer was warned.
18 Mar 2004 09:36:49 kct.co.jp 80584374 Responsible party indicated that the customer was warned.
18 Mar 2004 09:10:09 telkom.co.za 81176507 Date: Thu, 18 Mar 2004 10:14:31 +0200 Subject: Virus! From: SAIX Abuse From Address: abuse@saix.net Good day Viruses occurred and the origination from this type of abuse was traced from IP: 196.25.66.238. This IP address belongs to Loss Control Management Services (PTY) LTD Please investigate and take the necessary action as this is against the SAIX User Policy. It would also be appreciated if a reply could be sent to all recipients of this mail explaining the actions that will be taken to prevent a recurrence. Regards Willy Abuse@saix.net myNetWatchman Incident [81176507] Src:( 196.25.66.238) Targets:1 FYI, Based on multiple reports from myNetWatchman users, we believe that the fo
18 Mar 2004 09:09:49 cybercity.dk 79695715 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
18 Mar 2004 08:52:17 uninett.no 68107097 This is an irc-server, and as many other irc-servers nowadays it performs a number of standard tests towards any host connecting to it - to avoid abuse of backdoors, ironically enough some of them mentioned in the complaint. Also ports 3128, 8080, 81 and 8081 were checked, and also a connection attempt to port 113 should be seen. Regards, abuse@pvv.ntnu.no
18 Mar 2004 08:41:40 carnet.hr 80408811 Responsible party indicated that the customer was warned.
18 Mar 2004 07:17:31 freebit.net 80976935 Responsible party indicated that the customer was warned.
18 Mar 2004 07:17:22 freebit.net 80927265 Responsible party indicated that the customer was warned.
18 Mar 2004 07:04:07 k-opti.com 80354691 Responsible party indicated that the customer was warned.
18 Mar 2004 07:02:26 k-opti.com 76023047 Responsible party indicated that the customer was warned.
18 Mar 2004 06:35:58 bellsouth.net 81164375 Date: Thu, 18 Mar 2004 01:29:32 EST Subject: Re: myNetWatchman Incident [81164375] Src:( 68.18.70.127) Targets:3 From: From Address: abuse-bounce@corp.bellsouth.net Dear Sir or Madam: This is an AUTO-REPLY to acknowledge that your mail to the Abuse Department of BellSouth Internet Services has been received and to provide some information on our abuse policies and procedures. Please DO NOT REPLY to this message. BellSouth Internet Services does not allow or condone any abuse of our Acceptable Use Policies, and we maintain a "zero tolerance" policy towards spam and network abuse of any kind. Because we take your complaints seriously, we investigate each case fully. Once the investigation is complete, action in accord
18 Mar 2004 06:35:57 bellsouth.net 81164375 Date: Thu, 18 Mar 2004 01:29:32 EST Subject: Re: myNetWatchman Incident [81164375] Src:( 68.18.70.127) Targets:3 From: From Address: abuse-bounce@corp.bellsouth.net Dear Sir or Madam: This is an AUTO-REPLY to acknowledge that your mail to the Abuse Department of BellSouth Internet Services has been received and to provide some information on our abuse policies and procedures. Please DO NOT REPLY to this message. BellSouth Internet Services does not allow or condone any abuse of our Acceptable Use Policies, and we maintain a "zero tolerance" policy towards spam and network abuse of any kind. Because we take your complaints seriously, we investigate each case fully. Once the investigation is complete, action in accord
18 Mar 2004 06:35:55 bellsouth.net 81164375 Date: Thu, 18 Mar 2004 01:29:32 EST Subject: Re: myNetWatchman Incident [81164375] Src:( 68.18.70.127) Targets:3 From: From Address: abuse-bounce@corp.bellsouth.net Dear Sir or Madam: This is an AUTO-REPLY to acknowledge that your mail to the Abuse Department of BellSouth Internet Services has been received and to provide some information on our abuse policies and procedures. Please DO NOT REPLY to this message. BellSouth Internet Services does not allow or condone any abuse of our Acceptable Use Policies, and we maintain a "zero tolerance" policy towards spam and network abuse of any kind. Because we take your complaints seriously, we investigate each case fully. Once the investigation is complete, action in accord
18 Mar 2004 04:32:32 rr.com 80955200 Responsible party indicated that action has been taken.
18 Mar 2004 04:17:20 rr.com 80980647 Responsible party indicated that action has been taken.
18 Mar 2004 02:50:57 freebit.net 81050888 Responsible party indicated that the customer was warned.
18 Mar 2004 02:50:45 freebit.net 81010733 Responsible party indicated that the customer was warned.
18 Mar 2004 02:50:37 freebit.net 81050884 Responsible party indicated that the customer was warned.
18 Mar 2004 01:15:48 freebit.net 80893085 Responsible party indicated that the customer was warned.
18 Mar 2004 01:15:40 freebit.net 81005359 Responsible party indicated that the customer was warned.
18 Mar 2004 01:15:33 freebit.net 80819795 Responsible party indicated that the customer was warned.
18 Mar 2004 01:15:26 freebit.net 81015759 Responsible party indicated that the customer was warned.
18 Mar 2004 01:15:17 freebit.net 80991423 Responsible party indicated that the customer was warned.
18 Mar 2004 01:15:11 freebit.net 80993701 Responsible party indicated that the customer was warned.
18 Mar 2004 01:15:04 freebit.net 81098397 Responsible party indicated that the customer was warned.
18 Mar 2004 01:14:57 freebit.net 80985196 Responsible party indicated that the customer was warned.
18 Mar 2004 01:14:46 freebit.net 81143552 Responsible party indicated that the customer was warned.
18 Mar 2004 01:14:38 freebit.net 80628725 Responsible party indicated that the customer was warned.
18 Mar 2004 01:14:30 freebit.net 80885281 Responsible party indicated that the customer was warned.
18 Mar 2004 01:14:20 freebit.net 81215922 Responsible party indicated that the customer was warned.
18 Mar 2004 01:14:11 freebit.net 81232714 Responsible party indicated that the customer was warned.
18 Mar 2004 01:14:03 freebit.net 79413105 Responsible party indicated that the customer was warned.
18 Mar 2004 01:13:55 freebit.net 80927004 Responsible party indicated that the customer was warned.
17 Mar 2004 23:20:15 att.net 81126502 Responsible party indicated that action has been taken.
17 Mar 2004 23:18:48 cbeyond.net 80881724 Thank you for forwarding the information on the virus incident you experienced. Cbeyond Communications takes these matters seriously and is taking the appropriate action. The issue is being investigated and the owner of the IP address from where this incident originated has been notified of this matter and disciplined. For further inquiries on this incident or future matters, please contact us at abuse@cbeyond.net. Cbeyond Technical Support
17 Mar 2004 23:16:31 cbeyond.net 81020120 Thank you for forwarding the information on the virus incident you experienced. Cbeyond Communications takes these matters seriously and is taking the appropriate action. The issue is being investigated and the owner of the IP address from where this incident originated has been notified of this matter and disciplined. For further inquiries on this incident or future matters, please contact us at abuse@cbeyond.net. Cbeyond Technical Support
17 Mar 2004 23:15:45 att.net 81125660 Responsible party indicated that action has been taken.
17 Mar 2004 23:09:17 cbeyond.net 76654503 Thank you for forwarding the information on the virus incident you experienced. Cbeyond Communications takes these matters seriously and is taking the appropriate action. The issue is being investigated and the owner of the IP address from where this incident originated has been notified of this matter and disciplined. For further inquiries on this incident or future matters, please contact us at abuse@cbeyond.net. Cbeyond Technical Support
17 Mar 2004 22:44:41 cbeyond.net 80928825 Thank you for forwarding the information on the virus incident you experienced. Cbeyond Communications takes these matters seriously and is taking the appropriate action. The issue is being investigated and the owner of the IP address from where this incident originated has been notified of this matter and disciplined. For further inquiries on this incident or future matters, please contact us at abuse@cbeyond.net. Cbeyond Technical Support
17 Mar 2004 22:14:35 accesstoledo.com 80669740 Thank you for your email notification. This e-mail is to let you know that we have received the complaint, researched it, and the subscriber has been dealt with according to the terms of our terms of service, acceptable use policy and abuse policy. If you have any concerns or questions please e-mail abuse@accesstoledo.com. Sincerely, Access Toledo Abuse Team
17 Mar 2004 22:14:23 att.net 81114032 Responsible party indicated that action has been taken.
17 Mar 2004 22:10:44 cbeyond.net 74170383 Thank you for forwarding the information on the virus incident you experienced. Cbeyond Communications takes these matters seriously and is taking the appropriate action. The issue is being investigated and the owner of the IP address from where this incident originated has been notified of this matter and disciplined. For further inquiries on this incident or future matters, please contact us at abuse@cbeyond.net. Cbeyond Technical Support
17 Mar 2004 22:02:57 colostate.edu 81020845 Greg Redder at CSU NOC staff has identified this person and e-mailed her a note indicating that we recommend the system be rebuilt. We asked that it be disconnected from the modem network ASAP. --Greg
17 Mar 2004 21:59:58 bu.edu 73615698 Responsible party indicated that the customer was warned.
17 Mar 2004 20:57:20 surfsouth.com 81092685 Responsible party indicated that the customer was warned.
17 Mar 2004 20:55:00 cbeyond.net 75707334 Thank you for forwarding the information on the virus incident you experienced. Cbeyond Communications takes these matters seriously and is taking the appropriate action. The issue is being investigated and the owner of the IP address from where this incident originated has been notified of this matter and disciplined. For further inquiries on this incident or future matters, please contact us at abuse@cbeyond.net. Cbeyond Technical Support
17 Mar 2004 20:36:33 nyu.edu 80171943 Responsible party indicated that action has been taken.
17 Mar 2004 20:19:37 bu.edu 78423695 Responsible party indicated that the customer was warned.
17 Mar 2004 20:16:16 ucsb.edu 76198255 Router filter applied to block suspect traffic.
17 Mar 2004 20:11:46 ucsb.edu 77017059 Router filter applied to block suspect traffic.
17 Mar 2004 19:59:02 bu.edu 80853977 Responsible party indicated that the customer was warned.
17 Mar 2004 19:53:16 surfsouth.com 81092088 Responsible party indicated that the customer was warned.
17 Mar 2004 19:47:14 nyu.edu 80000366 Responsible party indicated that action has been taken.
17 Mar 2004 19:42:37 bu.edu 78651996 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
17 Mar 2004 19:35:06 bu.edu 78500571 Responsible party indicated that the customer was warned.
17 Mar 2004 19:35:05 aecom.yu.edu 81124028 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
17 Mar 2004 19:25:28 maxim.net 79719372 Date: Wed, 17 Mar 2004 14:24:35 -0500 Subject: Incident [Ticket: 1173971] - Ticket number 1173971 From: Gavin Winterfeldt From Address: abuse@hostcentric.com Hello, I have notified our client of your complaint. Please let me know if the problem persists. Thank you, Gavin W. Hostcentric Abuse We have taken the above action on your ticket and believe it satisfies your service request. If you feel additional steps are required please reply back to this message with the ticket number in the subject line and we will reopen the ticket. If you have any questions please do not hesitate to contact us. Thank you for allowing us to serve you. -----Original Message----- From: updatestatusonly@mynetwatchman.com Sent: Saturd
17 Mar 2004 19:22:12 corridor.net 74355590 Responsible party indicated that source host was compromised and has been cleaned or taken offline.
17 Mar 2004 19:13:54 telecom.net.ar 80802187 We have reported this incident to PRIMA (abuse@ciudad.com.ar) ISP who manages the user account with the IP address at the time of the report. Regards Administracion Abuse Telecom Argentina
17 Mar 2004 19:12:00 utk.edu 78597270 Responsible party indicated that action has been taken.
17 Mar 2004 19:10:41 utk.edu 78320560 Responsible party indicated that action has been taken.
17 Mar 2004 19:07:31 bu.edu 81004476 Responsible party indicated that the customer was warned.
17 Mar 2004 18:59:02 surfsouth.com 81099150 Responsible party indicated that the customer was warned.
17 Mar 2004 18:46:45 maxim.net 80758423 Date: Wed, 17 Mar 2004 13:46:05 -0500 Subject: Incident [Ticket: 1173663] - Ticket number 1173663 From: Gavin Winterfeldt From Address: abuse@hostcentric.com Hello, I have notified our client. Please let me know if the problem persists. Thank you, Gavin W. We have taken the above action on your ticket and believe it satisfies your service request. If you feel additional steps are required please reply back to this message with the ticket number in the subject line and we will reopen the ticket. If you have any questions please do not hesitate to contact us. Thank you for allowing us to serve you. -----Original Message----- From: updatestatusonly@mynetwatchman.com Sent: Monday, 15/Mar/2004 10:44:00 Subject: myNe
17 Mar 2004 18:42:58 francetelecom.net 76542717 Date: Wed, 17 Mar 2004 19:35:03 +0100 Subject: RE: 80.8.26.134>[ASf:70] myNetWatchman Incident [76542717] Src:( 80.8.26.134) Targets:1 From: Abuse Wanadoo Câble From Address: abuse.cable@wanadoo.com Abuse system : Result Dear Sir, The customer to whom has been lent the IP address 80.8.26.134 on March the 11th (GMT+1) has been contacted by our services. After scrupulous tests and monitoring, it appears clearly that his informatics systems had been corrupted (Kuang 2 zombie) in order to send/relay that Kuang scan around the Net. We are by now helping him to protect his resources. Just after his identification, its owner has been sent an official warning. This letter notifies him he is legally responsible for the any use done
17 Mar 2004 18:26:59 surfsouth.com 81046891 Responsible party indicated that the customer was warned.

Gerald
Chief Forensics Fraud Investigator (tracking & Research)
cigars.bravepages.com/idetintro.htm