Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday 9 November 2010

IAC: Still not stopping "rogue affiliates"

I've got an update on SurfTown coming shortly (they've still not cleaned their network!!), but in the meantime, a look at a site that was reported to me as a spammer site. It uses the same well known fake news site layout, and sends people to SmileyCentral when you click its links - nice to know IAC are still not trying to put a stop to this .... (though perhaps not surprising).

The site, grantsguide.info, is housed at the following (you'll not be surprised to see the ASN involved):

Current IP*: 217.23.5.228
IP PTR: Resolution failed
ASN: 49981 217.23.0.0/20 WORLDSTREAM WorldStream

That IP previously housed newmovieswatchnow.com (now hosted by NetDirekt (AS28753) at 217.20.116.177), which sends you either to one of those familiar "survey" (scam) sites at mediaboxrussia.com (109.236.82.121, AS49981 109.236.80.0/20 WORLDSTREAM WorldStream), or to flvpro.com (174.137.179.7, PTR: tigertango.com, AS36057 174.137.176.0/22 WEBAIR-AMS Webair Internet Development Inc), depending on which link you click ("Download" or "Watch Online Now").

The headers for the redirection are:

GET /Breaking%20News%20%20New%20Online%20Jobs%20Available/Kwick_Shopz.htm HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, */*
Referer: http://grantsguide.info/
Accept-Language: en-GB
Accept-Encoding: gzip, deflate
If-Modified-Since: Tue, 26 Oct 2010 15:10:11 GMT
If-None-Match: "29800ea-182-49386814c3ac0"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; Avant Browser; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; HPNTDF; .NET4.0C; .NET4.0E; InfoPath.2)
Host: grantsguide.info
Connection: Keep-Alive

HTTP/1.1 304 Not Modified
Date: Wed, 10 Nov 2010 00:16:46 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "29800ea-182-49386814c3ac0"

------------------------------------------------------------------
GET /rd/r.php?sid=1343&pub=502441&c1=&c2=&c3= HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, */*
Accept-Language: en-GB
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; Avant Browser; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; HPNTDF; .NET4.0C; .NET4.0E; InfoPath.2)
Connection: Keep-Alive
Host: affiliate.adtrtracker.com
Pragma: no-cache
Cookie: PHPSESSID=mnkai350regdhgg3jshh4lnrp5; uid1343=832364870-20101109192659-2a874d6a2ab251a1daf4844645a2d607-0

HTTP/1.1 302 Found
Date: Wed, 10 Nov 2010 00:27:50 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR STP COM", policyref="/w3c/p3p.xml"
Set-Cookie: test=test; expires=Wed, 10-Nov-2010 00:27:40 GMT
Set-Cookie: track=track; expires=Wed, 10-Nov-2010 00:27:40 GMT
Set-Cookie: uid1343=832364870-20101109192750-2a874d6a2ab251a1daf4844645a2d607-; path=/
Location: http://x.azjmp.com/4DfvY?azauxurl=60613&sub=502441&clickid=832364870
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /4DfvY?azauxurl=60613&sub=502441&clickid=832364870 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, */*
Accept-Language: en-GB
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; Avant Browser; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; HPNTDF; .NET4.0C; .NET4.0E; InfoPath.2)
Connection: Keep-Alive
Host: x.azjmp.com
Pragma: no-cache
Cookie: OAID=EA4C91A033763462C4C166AC44739317; 919_long_tracker=12-0-cNvIlIYYK0xYU5zr0nvbmJDdvFTmhInUXrBEfNcaSwGNVbkO5UcGVapAeXI8tsYbUYvTNW4d; 919_44535_short_tracker=12-618688868-502441

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 10 Nov 2010 00:27:56 GMT
Transfer-Encoding: chunked
Connection: close
Location: http://www.smileycentral.com/dl/index.jhtml?partner=ZNxuk101&spu=true&sub_id=44535&click_hash=12FRXnw&nsrc=az2
Set-Cookie: OAID=EA4C91A033763462C4C166AC44739317; Expires=Thu, 10 Nov 2011 00:27:56 GMT; Max-Age=31536000; Domain=azjmp.com; Path=/
Set-Cookie: 919_long_tracker=12-0-cNvIlIYYK0xYU5zr0nvbmJDdvFTmhInUXrBEfNcaSwGNVbkO5UcGVapAeXI8tsYbUYvSOWkR; Expires=Fri, 10 Dec 2010 00:27:56 GMT; Max-Age=2592000; Domain=azjmp.com; Path=/
Set-Cookie: 919_44535_short_tracker=12-618689414-502441; Expires=Thu, 11 Nov 2010 00:27:56 GMT; Max-Age=86400; Domain=azjmp.com; Path=/
P3P: policyref="http://azjmp.com/w3c/policy.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"

------------------------------------------------------------------
GET /dl/index.jhtml?partner=ZNxuk101&spu=true&sub_id=44535&click_hash=12FRXnw&nsrc=az2 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/msword, application/vnd.ms-excel, */*
Accept-Language: en-GB
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; Avant Browser; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; HPNTDF; .NET4.0C; .NET4.0E; InfoPath.2)
Connection: Keep-Alive
Cookie: __utma=152833723.1467643908.1289348828.1289348828.1289348828.1; __utmb=152833723; __utmc=152833723; __utmz=152833723.1289348828.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Pragma: no-cache
Host: www.smileycentral.com

HTTP/1.1 200 OK
Date: Wed, 10 Nov 2010 00:27:56 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Language: en-GB
Content-Length: 6528
Connection: close
Content-Type: text/html;charset=UTF-8

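To turn a capture like the one above into evidence of the affiliate chain, here is an added example (my code, not the blog author's tooling) that parses the request/response blocks in the pasted format, checks that each Location was actually followed by the next request, and lists the affiliate IDs carried from hop to hop. The embedded capture is a trimmed copy of the four redirect exchanges above; the set of query parameters treated as tracking IDs and the assumption that every hop is plain http are mine.

```python
# Rebuild a redirect chain from a captured HTTP header log in the format pasted
# above: request block, blank line, response block, exchanges split by dashes.
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the four exchanges of the redirect chain above, with the
# long Accept/User-Agent/Cookie headers dropped because they are not needed here.
SAMPLE_CAPTURE = """\
GET /Breaking%20News%20%20New%20Online%20Jobs%20Available/Kwick_Shopz.htm HTTP/1.1
Host: grantsguide.info

HTTP/1.1 304 Not Modified

------------------------------------------------------------------
GET /rd/r.php?sid=1343&pub=502441&c1=&c2=&c3= HTTP/1.1
Host: affiliate.adtrtracker.com

HTTP/1.1 302 Found
Location: http://x.azjmp.com/4DfvY?azauxurl=60613&sub=502441&clickid=832364870

------------------------------------------------------------------
GET /4DfvY?azauxurl=60613&sub=502441&clickid=832364870 HTTP/1.1
Host: x.azjmp.com

HTTP/1.1 302 Found
Location: http://www.smileycentral.com/dl/index.jhtml?partner=ZNxuk101&spu=true&sub_id=44535&click_hash=12FRXnw&nsrc=az2

------------------------------------------------------------------
GET /dl/index.jhtml?partner=ZNxuk101&spu=true&sub_id=44535&click_hash=12FRXnw&nsrc=az2 HTTP/1.1
Host: www.smileycentral.com

HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
"""

# Query parameters treated as affiliate/click attribution. Assumed names, taken
# from the URLs in this chain rather than from any network's documentation.
TRACKING_PARAMS = {"sid", "pub", "sub", "sub_id", "partner", "clickid", "click_hash"}

def _parse_headers(lines):
    """'Name: value' lines -> dict keyed by lower-cased header name."""
    pairs = (line.partition(":") for line in lines)
    return {name.strip().lower(): value.strip() for name, sep, value in pairs if sep}

def parse_capture(text):
    """Split the capture on separator lines and parse each request/response pair."""
    exchanges = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        body = "\n".join(line.rstrip() for line in block.splitlines()).strip()
        if not body:
            continue
        req, _, resp = body.partition("\n\n")      # first blank line ends the request
        req, resp = req.splitlines(), resp.splitlines()
        method, path, _ = req[0].split(" ", 2)
        req_h, resp_h = _parse_headers(req[1:]), _parse_headers(resp[1:])
        exchanges.append({"method": method, "host": req_h.get("host", ""), "path": path,
                          "status": int(resp[0].split(" ", 2)[1]),
                          "location": resp_h.get("location")})
    return exchanges

def tracking_ids(path):
    """Attribution parameters present in a request path's query string."""
    qs = parse_qs(urlsplit(path).query)          # blank values (c1=, c2=) are dropped
    return {k: v[0] for k, v in qs.items() if k in TRACKING_PARAMS}

def redirect_chain(exchanges):
    """Order the hops and check that every Location was followed by the next request."""
    hops = []
    for i, ex in enumerate(exchanges):
        hop = {"url": f"http://{ex['host']}{ex['path']}",   # capture is plain http
               "status": ex["status"], "tracking": tracking_ids(ex["path"]), "continuous": True}
        if ex["location"]:
            loc = urlsplit(ex["location"])
            want = loc.path + (f"?{loc.query}" if loc.query else "")
            nxt = exchanges[i + 1] if i + 1 < len(exchanges) else None
            hop["continuous"] = bool(nxt) and nxt["host"] == loc.netloc and nxt["path"] == want
        hops.append(hop)
    return hops

def carried_values(hops):
    """Tracking values seen in more than one hop: the thread tying the chain together."""
    seen = {}
    for hop in hops:
        host = urlsplit(hop["url"]).netloc
        for k, v in hop["tracking"].items():
            seen.setdefault(v, []).append(f"{k}@{host}")
    return {v: where for v, where in seen.items() if len(where) > 1}

def analyse(text=SAMPLE_CAPTURE):
    hops = redirect_chain(parse_capture(text))
    return {"hops": hops, "carried": carried_values(hops),
            "landing": hops[-1]["url"] if hops else None}

if __name__ == "__main__":
    result = analyse()
    for n, hop in enumerate(result["hops"], 1):
        flag = "" if hop["continuous"] else "  <- Location not followed in capture"
        print(f"{n}. {hop['status']} {hop['url']}  ids={hop['tracking']}{flag}")
    print("carried across hops:", result["carried"])
```

Run against the full capture, the hop listing shows the publisher ID 502441 handed from adtrtracker to azjmp and then rewritten into SmileyCentral's own partner/sub_id values, which is the relationship the post is pointing at.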

Update: Yet more connectivity issues

I am happy to report that I've gotten most of the problems sorted out, so most of the resources are now back online. fSpamlist was moved to an external server owned by Josh, to minimize the downtime.

References:

Issues: Yet more connectivity issues
http://hphosts.blogspot.com/2010/11/issues-yet-more-connectivity-issues.html

Sunday 7 November 2010

Issues: Yet more connectivity issues

Oh joy. As if BT hadn't made things horrid to begin with, with outages sporadically over the past few weeks, it seems something has gone awry again today.

Unfortunately, whilst the primary hpHosts server seems to be working, the rest are not, nor is the mail server (has a motherboard issue). I've done what I can from here, but won't actually have direct access to the servers until later this morning.

My apologies for the downtime folks.

Friday 5 November 2010

Bredolab Takedown – Just the tip of the Iceberg

Recent reports from various sources in the security industry show that a large takedown of servers associated with the “Bredolab” trojan occurred within the past few weeks. While most of the reports have focused around the idea that this infrastructure was solely related to the command and control of Bredolab, our research shows that these servers were used as an all-purpose hosting infrastructure for criminal activity.

This criminal system came to our attention in July 2010, when NetWitness analysts were asked to investigate a hacked WordPress blog.

We found that the following obfuscated script had been injected into all .html and .php pages on the site:


Read more
http://www.networkforensics.com/2010/11/04/bredolab-takedown-%E2%80%93-just-the-tip-of-the-iceberg/