Author Topic: exportedtransitions.org  (Read 11356 times)

January 11, 2013, 05:23:05 pm
tb0hdan

Hi,

I'm seeing this from one of the users on local network:

Code: [Select]
10.254.254.28 - - [31/Dec/2012:16:21:38 +0200] "POST http://exportedtransitions.org/pwhacbbsq.pif HTTP/1.1" 500 4553 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Tablet PC 2.0; Zune 4.7)"                                  |
10.254.254.28 - - [31/Dec/2012:16:22:02 +0200] "POST http://exportedtransitions.org/bikmfssaowadhuynydzmrous.cgi HTTP/1.1" 500 4553 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Tablet PC 2.0; Zune 4.7)"                   |
10.254.254.28 - - [31/Dec/2012:16:22:02 +0200] "POST http://exportedtransitions.org/azraksoxpglaplqgsztqlcatymdprymppqgkduxmo.tpl HTTP/1.1" 500 4553 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Tablet PC 2.0; Zune 4.7)"  |
10.254.254.28 - - [31/Dec/2012:16:22:06 +0200] "POST http://exportedtransitions.org/cuoddbyuxbog.pif HTTP/1.1" 500 4553 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Tablet PC 2.0; Zune 4.7)"                               |

URLs are completely random, with random extensions.

Packet contents:

Code: [Select]
puikn=nlRUMzrXyGukDbieQWFrnjKoOnpqwaVm8FkCJfZUvp8lzMsPmvJ%3D

or

Code: [Select]
kjhgdm=0z0FqPEQgA%2Bcs%2F9tFMQ4mdamSCsU%2FVbiK3%2BlpbzJElnIbjAgVH2%3D

Code: [Select]
essrle=FoKJH6HJf2CllX6WZyGrMTpRQZ%2BvtGsC6raHu%2BUc8JS9C9slcaw%3D

Code: [Select]
rdpg=nKLs%2BV%2F7JfuDHAeSJXmPMSnx2GTeQ%2Bd7XZKzkfK4vJyJtLsPx%2BD%3D


Though the website seems to be down, a bunch of machines still try contacting it.
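
One way to surface this pattern in proxy logs, as an added example that is not part of the original post: group POST requests by client and host, and flag pairs where the client hits several distinct lowercase-only file names with varying extensions. The regexes, the thresholds, the shortened user agent and the `10.254.254.40` / `intranet.example` lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Proxy access-log line: client, method, absolute URL, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# One path segment, lowercase letters only, short extension (assumed heuristic).
RANDOM_NAME = re.compile(r'^/([a-z]{6,})\.([a-z0-9]{2,4})$')

# First four lines are from the post (user agent shortened); the rest are constructed.
SAMPLE = '''\
10.254.254.28 - - [31/Dec/2012:16:21:38 +0200] "POST http://exportedtransitions.org/pwhacbbsq.pif HTTP/1.1" 500 4553 "-" "Mozilla/4.0"
10.254.254.28 - - [31/Dec/2012:16:22:02 +0200] "POST http://exportedtransitions.org/bikmfssaowadhuynydzmrous.cgi HTTP/1.1" 500 4553 "-" "Mozilla/4.0"
10.254.254.28 - - [31/Dec/2012:16:22:02 +0200] "POST http://exportedtransitions.org/azraksoxpglaplqgsztqlcatymdprymppqgkduxmo.tpl HTTP/1.1" 500 4553 "-" "Mozilla/4.0"
10.254.254.28 - - [31/Dec/2012:16:22:06 +0200] "POST http://exportedtransitions.org/cuoddbyuxbog.pif HTTP/1.1" 500 4553 "-" "Mozilla/4.0"
10.254.254.40 - - [31/Dec/2012:16:23:00 +0200] "POST http://intranet.example/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.254.254.40 - - [31/Dec/2012:16:23:05 +0200] "POST http://intranet.example/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.254.254.40 - - [31/Dec/2012:16:23:09 +0200] "GET http://intranet.example/index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

def find_beacons(lines, min_paths=3, min_exts=2):
    """Return {(client, host): sorted paths} for clients that POST to many
    distinct random-looking names with varying extensions on one host."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(2) != "POST":
            continue
        client, _, url, _ = m.groups()
        parts = urlsplit(url)
        hit = RANDOM_NAME.match(parts.path)
        if parts.hostname and hit:
            seen[(client, parts.hostname)].add((parts.path, hit.group(2)))
    findings = {}
    for key, items in seen.items():
        exts = {ext for _, ext in items}
        # Repeated POSTs to one fixed script (a normal form) never reach min_paths.
        if len(items) >= min_paths and len(exts) >= min_exts:
            findings[key] = sorted(path for path, _ in items)
    return findings

if __name__ == "__main__":
    for (client, host), paths in find_beacons(SAMPLE.splitlines()).items():
        print(f"{client} -> {host}: {len(paths)} distinct random-looking POST targets")
```

Running the same grouping across all clients gives the list of machines still trying to reach the host, even when the server answers with errors or is down.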