Hi there, I was hired to clean up this guy’s site because of some blacklisting issues.
The url: http://humirajustice.com
seotechd@EdenII /tmp/guy/logs $ cat humirajustice.paxildefects.com | grep 404
208.80.194.35 - - [08/Jun/2011:20:44:47 -0500] "GET /images/sev.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 3.5.20706; .NET CLR 3.0.590)"
208.80.194.30 - - [08/Jun/2011:20:47:00 -0500] "GET /images/web.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; IEMB3; .NET CLR 1.1.4322; Windows-Media-Player/10.00.00.3990)"
208.80.194.30 - - [08/Jun/2011:20:47:01 -0500] "GET /images/web.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; libero; ImageShack Toolbar 3.0.3; ImageShack Toolbar 3.0.6)"
208.80.194.30 - - [08/Jun/2011:20:51:36 -0500] "GET /images/rich.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; ZangoToolbar 4.8.3)"
208.80.194.30 - - [08/Jun/2011:20:51:40 -0500] "GET /images/rich.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; SIMBAR=0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
174.51.234.252 - - [08/Jun/2011:22:52:11 -0500] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
193.71.68.2 - - [09/Jun/2011:00:15:26 -0500] "HEAD /us1.exe HTTP/1.1" 404 - "" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4"
193.71.68.2 - - [09/Jun/2011:00:15:26 -0500] "GET /us1.exe HTTP/1.1" 404 - "" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4"
193.71.68.2 - - [09/Jun/2011:00:28:20 -0500] "HEAD /pdf/us1.exe HTTP/1.1" 404 - "" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4"
193.71.68.2 - - [09/Jun/2011:00:28:20 -0500] "GET /pdf/us1.exe HTTP/1.1" 404 - "" "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.4) Gecko/20100513 Firefox/3.6.4"
163.231.6.65 - - [09/Jun/2011:01:02:01 -0500] "GET /favicon.ico HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16 (.NET CLR 3.5.30729)"
163.231.6.70 - - [09/Jun/2011:01:47:36 -0500] "GET /favicon.ico HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729)"
163.231.6.70 - - [09/Jun/2011:01:47:39 -0500] "GET /favicon.ico HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17 (.NET CLR 3.5.30729)"
84.42.39.77 - - [09/Jun/2011:03:50:17 -0500] "GET /us1.exe HTTP/1.0" 404 - "-" "Wget/1.10.2"
84.42.39.77 - - [09/Jun/2011:04:12:31 -0500] "GET /pdf/us1.exe HTTP/1.0" 404 - "-" "Wget/1.10.2"
90.222.184.134 - - [09/Jun/2011:04:50:56 -0500] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Sky Broadband; FBSMTWB; GTB7.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
90.222.184.134 - - [09/Jun/2011:04:50:57 -0500] "GET /url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADgAAAAOCAYAAAB6pd%2buAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A%2fwD%2foL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oGAhENK17O5ogAAAAZdEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIEdJTVBXgQ4XAAAD6UlEQVRIx82WXWxTdRjGf6fndO3adbZ0VLoP9gFMXZQFNgSWDEkEYtSQkNVg4o2JH9NGJTMk6k01vTIhXshFzTCKE5NFORoXXDBs4nTMZHMzSETHDKyQyb7Xbu36dc7p8aaQZm5GNzd8rk7evOf%2fz%2fM%2bz%2f99X4E1htcn68v5742mffVRJd19uucqH539lSq3yKuHtlDmkPj99aPYe39kfRoMOqgCJHSdJNRL3AEE%2fB7h3xZFgO6JuRQdl6PE8zfRPzlF71CEojoXFc%2b9SPy3KxjCc%2bgCpIE0IilB65YWHFQBfAbUZEIDQGPA7xngDsNgMpFUY0Q0ESHHhKbkM3A9yoFqDceGQpTijWjhXxCAtC6gCWk0BAwLzqkAQsC6TJVDGcKrZdeDXp%2fcvki8zeuTH8uO6ehYzRJumxEUBUkyMa%2baUDWBVDLNnJJgNE9ixGZiOlckaQAVAWmBdTqBzqxQJ%2fD2KgrTCDzq9clywO%2fxZMi1AgcBBbhNPhyJ47TlsGuzjaHRSRRdoKq8AF3XOdvZw1BMQneUMl9iZN4eo3AmRWVwFulvqusAngBOryLBY0AcaPD65LeAFPAk0BLwe57OTnz3i4sc3ruFx2s24MwzoWgaW4tNnPn0JLt37KJ2zwGMgk5X3zd8ONJOX7mGvcK5OEGvT94HNGcs2rjSzrhUUwn4PV1AV4bcm5nwkYDfc3xhbs%2bVWQZH%2btlekc%2fDtRupKrub1uYT7NhWw9bde%2fl2REUSRR56pJT0lxofhM8xaheXVPA1oDPg9zT%2bExmsDqF8hUqmlvi%2bDUs6RWhW5Ov%2bKaxmK5XFLkIzIe7f%2fiBtwypPVZqIRWJ8Ny6x09OEJJs5rrTxn4yJY00NwRU0mtaMLY9kyL3n9clVAb%2fnley8wnyBkkIHrgILm925JGPTJONRDHqaHDQmx2a4Ph4hpFkpcZqZmBhHtbI4wYDfs3%2bNhn5bpqG03LKl1ydXAS97fXJ%2b9jv0Hq6lyK5C%2fBJ6PEjyj2nW2VQGLw5gLKqn92YSxWgjbrRy89ogVosFoyT%2bZUzcurjD65M71oDjCeDzbCIZ5VqAk9mJm9w5zAdPkRx%2bB3H6Y3Kj7TxQMkzLqfe5V71GvttFiduOa3aQc58E6JseJJXSEVhjeH2yvpxN5qVnygj%2fdJQCWxjBAOm0gVRC5MLPdoZnt2F3rsdisTAV7MBlusT3oVK6TOriCv4fIZnsSDlu1IQRNWVGV83kYKFuZzX7PQ1MFOg0j53nh%2bg8qpLg2eogeyJ53JFddDkLtyiZ6%2b%2b674Vu5cZXiIkJdAEMjnvIqzjEjVCS7rmrhOwC0Vwn58fqkIIXeL72Mn8CJn6UfKGeNt4AAAAASUVORK5CYII%3d) HTTP/1.1" 404 - "http://www.humirajustice.com/faq.html" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Sky Broadband; FBSMTWB; GTB7.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
208.80.194.34 - - [09/Jun/2011:08:41:52 -0500] "GET /images/rich.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; {8FC5ADB1-4493-C7F3-0DCE-29A04F22882B}; FunWebProducts)"
208.80.194.34 - - [09/Jun/2011:08:41:57 -0500] "GET /images/rich.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; IEMB3; SpamBlockerUtility 4.8.4; ZangoToolbar 4.8.2; IEMB3)"
208.80.194.34 - - [09/Jun/2011:08:45:27 -0500] "GET /images/web.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; DigExt; (R1 1.5))"
208.80.194.34 - - [09/Jun/2011:08:45:29 -0500] "GET /images/web.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; JSRCC Academic; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
208.80.194.34 - - [09/Jun/2011:08:50:07 -0500] "GET /images/sev.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 3.0.04506.30)"
93.163.67.230 - - [09/Jun/2011:10:46:15 -0500] "GET /images/rich.exe HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
93.163.67.230 - - [09/Jun/2011:14:14:20 -0500] "GET /pdf/us1.exe HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
208.80.194.30 - - [09/Jun/2011:15:01:56 -0500] "GET /images/rich.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; SIMBAR Enabled; SIMBAR={EC275FF8-2182-45e8-A194-16EC687B161C}; SIMBAR=0; .NET CLR 1.1.4322)"
208.80.194.30 - - [09/Jun/2011:15:04:07 -0500] "GET /images/web.exe HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; SV1; MSN 9.0;MSN 9.1; MSNbQ002; MSNmen-us; MSNcOTH)"
As you can see by the other malware spiders, there are no executables being hosted on there anymore. His FTP information has been changed with a secure password, and the code has been fuzzed down to make sure they can’t drop anything else.
Can you please take humirajustice.com off your domain blacklist now? Thanks ^^
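
A check that could be run over the full access log rather than only its 404 lines, as an added example that is not part of the original post: it tallies every request for an executable by path and status, and lists any path that still got a 2xx/3xx answer. The extension list, the function names and the sample lines (documentation IP addresses, one placeholder path) are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format:
# host ident user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed list of extensions worth checking; adjust to the site.
EXEC_EXT = (".exe", ".scr", ".dll", ".msi")


def executable_requests(lines):
    """Map each requested executable path to {status_code: hit_count}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m.group("path").split("?", 1)[0].lower()
        if path.endswith(EXEC_EXT):
            seen[path][int(m.group("status"))] += 1
    return {path: dict(codes) for path, codes in seen.items()}


def still_served(summary):
    """Paths that received any 2xx/3xx response, i.e. not confirmed removed."""
    return sorted(
        path for path, codes in summary.items()
        if any(200 <= code < 400 for code in codes)
    )


# Constructed sample lines (not taken from the real log).
SAMPLE = [
    '192.0.2.10 - - [08/Jun/2011:20:47:00 -0500] "GET /images/web.exe HTTP/1.0" 404 - "-" "Mozilla/4.0"',
    '192.0.2.10 - - [08/Jun/2011:20:47:01 -0500] "GET /images/web.exe HTTP/1.0" 404 - "-" "Mozilla/4.0"',
    '192.0.2.20 - - [09/Jun/2011:00:15:26 -0500] "HEAD /us1.exe HTTP/1.1" 404 - "" "Mozilla/5.0"',
    '192.0.2.30 - - [09/Jun/2011:03:50:17 -0500] "GET /images/placeholder.exe HTTP/1.0" 200 48128 "-" "Wget/1.10.2"',
    '192.0.2.40 - - [09/Jun/2011:04:50:56 -0500] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    summary = executable_requests(SAMPLE)
    for path, codes in sorted(summary.items()):
        print(path, codes)
    print("still served:", still_served(summary))
```
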